Log analysis and evaluation: GVU trojan - admin user account, Win XP
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
29.05.2012, 14:29 | #1 |
GVU trojan - admin user account, Win XP
Hello everyone, I need your help: since last week I have had a GVU trojan on my computer (Win XP, SP3) on my only account (Admin), and it shows itself as soon as Windows starts. The desktop is not even loaded; before that a message already appears that a connection is being established, and after a while the GVU screen comes up telling me to transfer money etc. What can I do? Unfortunately I cannot create any logs, because I cannot get into the system. In Safe Mode I cannot reach the Windows desktop either. The Task Manager has obviously been blocked by the trojan. I read on chip.de that the Kaspersky Rescue Disk can help. But when I boot it from CD, the program hangs at a later point, so that does not work. Does anyone have an idea how I can still be helped? Is this the right procedure: http://www.trojaner-board.de/114737-gvu-trojaner.html ? Many thanks in advance!

Me again. The guide on the following page by the user "cosinus" seems to have worked: http://www.trojaner-board.de/111969-...aner-echt.html I have carried out the first step there and am posting my OTL.txt and Extras.txt below. Can someone help me further with that? Thank you!!!!

Hello, can nobody help me? In this thread http://www.trojaner-board.de/111969-...aner-echt.html someone (user "Cosinus") then also provided a code that I have to feed into OTL... Thanks, thanks for any help!
31.05.2012, 11:17 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU trojan - admin user account, Win XP
Quote:
31.05.2012, 11:20 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU trojan - admin user account, Win XP
Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O4 - HKLM..\Run: [B64Fu7wxCKTba7x] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe ()
O4 - HKU\Administrator_ON_C..\Run: [B64Fu7wxCKTba7x] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe ()
O4 - HKU\systemprofile_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe ()
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe ()
O20 - HKU\Administrator_ON_C Winlogon: UserInit - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/15 08:34:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
@Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D031D15E
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BE76DBCF
@Alternate Data Stream - 113 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:76650B61
:Files
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe
C:\WINDOWS\System32\dds_log_ad13.cmd
C:\WINDOWS\System32\blckdom.res
C:\WINDOWS\System32\UAs
C:\WINDOWS\System32\08039
C:\WINDOWS\System32\xmldm
C:\WINDOWS\System32\kock
:Commands
[purity]
[resethosts]

The log file should open once you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, as a precaution: a backup copy is created on the system partition in the folder "_OTL".

Note: the script above was created only for this one user in this one situation. It cannot be transferred to any other computer and must not be used anywhere else, because it can permanently damage the system!

After that, Windows should start normally again. Please make OTL's quarantine folder available to us. Proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into a single file
3.) Upload the ZIP file you created here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know once it has succeeded
5.) Only then switch the virus scanner back on
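The fix above undoes the three things the lock screen relies on: the Winlogon Shell and UserInit values pointing at ArchiverforWin.exe in the user's Anwendungsdaten folder (so the locker starts instead of explorer.exe; the Shell value is honoured in Safe Mode as well, which matches the symptom in the first post), the Run-key autostart of the same file, and the Explorer/System policies (NoDesktop, DisableTaskMgr, DisableRegistryTools) that stop the user from killing it. The Python script below is an added example and is not part of the original thread, OTL or OTLPE: it reads OTL-style O4/O7/O20 and alternate-data-stream lines and flags exactly those patterns, so a reader can triage a posted OTL log before writing a fix. The sample lines are constructed from the fix above plus one clean UserInit line; the Windows XP defaults for Shell and UserInit, the list of lockdown policies and the list of user-writable path fragments are assumptions documented in the code. NoDriveTypeAutoRun = 145 (0x91) is the XP default and is deliberately not reported.

```python
"""Triage OTL-style scan lines for the persistence and lockdown patterns a
GVU/"BKA" lock-screen trojan uses. Added example; not OTL or trojaner-board code."""
import re
from collections import Counter

# Windows XP defaults for the two Winlogon values the locker hijacks (assumption: stock install).
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe",
}
# Policy values that lock the user out of the tools needed to kill the screen (assumed list).
LOCKDOWN_POLICIES = {"disabletaskmgr", "disableregistrytools", "nodesktop", "norun", "nocontrolpanel"}
# Binaries that carry Microsoft version info on a stock XP; OTL prints the version-info
# company in parentheses, so any other vendor string means the file was replaced.
MS_SYSTEM_BINARIES = {"ctfmon.exe", "userinit.exe", "explorer.exe", "svchost.exe"}
# Path fragments of user-writable locations where a Run entry for an unsigned file is suspect.
USER_WRITABLE = ("anwendungsdaten", "application data", "appdata", "\\temp\\", "lokale einstellungen")

# OTL line shapes: O4 Run entry, O7 policy value, O20 Winlogon value, NTFS alternate data stream.
RE_RUN = re.compile(r"^O4 - (?P<hive>\S+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<vendor>[^)]*)\)$")
RE_POLICY = re.compile(r"^O7 - (?P<key>.+?): (?P<value>\w+) = (?P<data>\S+)$")
RE_WINLOGON = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>Shell|UserInit) - \((?P<data>.*?)\) - (?P<path>.*?) \((?P<vendor>[^)]*)\)$")
RE_ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Constructed sample modelled on the fix in the post above, plus one clean UserInit line
# to show that a default value is not reported.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [B64Fu7wxCKTba7x] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe ()
O4 - HKU\systemprofile_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
@Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D031D15E
"""


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _norm(value):
    # UserInit is stored with a trailing comma ("userinit.exe,"); strip it before comparing.
    return value.strip().rstrip(",").strip().lower()


def triage(text):
    """Return (category, severity, detail) tuples for every suspicious OTL line."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := RE_WINLOGON.match(line)):
            expected = WINLOGON_DEFAULTS[m["value"].lower()]
            actual = _norm(m["data"])
            if actual != expected and _basename(actual) != expected:
                findings.append(("winlogon_hijack", "high", f"{m['hive']} Winlogon\\{m['value']} -> {m['data']}"))
        elif (m := RE_RUN.match(line)):
            name = _basename(m["path"])
            vendor = m["vendor"].strip()
            if name in MS_SYSTEM_BINARIES and vendor != "Microsoft Corporation":
                findings.append(("tampered_system_binary", "high", f"{m['path']} reports vendor '{vendor}'"))
            elif not vendor and any(tok in m["path"].lower() for tok in USER_WRITABLE):
                findings.append(("suspicious_autostart", "high", f"{m['hive']} Run [{m['name']}] -> {m['path']}"))
        elif (m := RE_POLICY.match(line)):
            if m["value"].lower() in LOCKDOWN_POLICIES and m["data"] != "0":
                findings.append(("lockdown_policy", "medium", f"{m['key']}\\{m['value']} = {m['data']}"))
        elif (m := RE_ADS.match(line)):
            findings.append(("alternate_data_stream", "medium", f"{m['size']} bytes in {m['target']}"))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'winlogon_hijack': 1, ...}."""
    return dict(Counter(category for category, _, _ in findings))


if __name__ == "__main__":
    for category, severity, detail in triage(SAMPLE_OTL):
        print(f"[{severity:6}] {category:24} {detail}")
    print(summarize(triage(SAMPLE_OTL)))
```

To use it on a real case, pass the contents of a saved OTL.txt to triage(); on the sample every finding corresponds to a line the fix above removes, and lines for signed, correctly located entries (the Adobe Reader shortcut, the default UserInit) produce nothing.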
31.05.2012, 18:43 | #4 |
GVU trojan - admin user account, Win XP
I am really sorry that I nagged! Sorry. Many thanks for the help. I have carried out the first steps as instructed. Here is the log after the fix in OTL:

Code:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\B64Fu7wxCKTba7x deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\B64Fu7wxCKTba7x deleted successfully.
File C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe not found.
Registry value HKEY_USERS\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON.EXE deleted successfully.
C:\WINDOWS\system32\ctfmon.exe moved successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk moved successfully.
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe moved successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry key HKEY_USERS\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ deleted successfully.
C:\Programme\Bonjour\mdnsNSP.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe deleted successfully.
File C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe deleted successfully.
File C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe not found.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe deleted successfully.
File C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe not found.
Registry value HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe deleted successfully.
File C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D031D15E deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BE76DBCF deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:76650B61 deleted successfully.
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ArchiverforWin.exe not found.
C:\WINDOWS\System32\dds_log_ad13.cmd moved successfully.
C:\WINDOWS\System32\blckdom.res moved successfully.
C:\WINDOWS\System32\UAs folder moved successfully.
C:\WINDOWS\System32\08039\components folder moved successfully.
C:\WINDOWS\System32\08039 folder moved successfully.
C:\WINDOWS\System32\xmldm folder moved successfully.
C:\WINDOWS\System32\kock folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 05312012_213537

After about 5 minutes Windows does start after all, after initially only the desktop background was visible. No desktop icons are shown, but I can open Explorer. As stated in the other guide (see the link in my first post), I have also already run Kaspersky's TDSSKiller. Here is the log from the TDSS scan:

Code:
22:24:44.0437 3708 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:24:44.0453 3708 ============================================================
22:24:44.0453 3708 Current date / time: 2012/05/31 22:24:44.0453
22:24:44.0453 3708 SystemInfo:
22:24:44.0453 3708
22:24:44.0453 3708 OS Version: 5.1.2600 ServicePack: 3.0
22:24:44.0453 3708 Product type: Workstation
22:24:44.0453 3708 ComputerName: PC
22:24:44.0453 3708 UserName: Administrator
22:24:44.0453 3708 Windows directory: C:\WINDOWS
22:24:44.0453 3708 System windows directory: C:\WINDOWS
22:24:44.0453 3708 Processor architecture: Intel x86
22:24:44.0453 3708 Number of processors: 1
22:24:44.0453 3708 Page size: 0x1000
22:24:44.0453 3708 Boot type: Normal boot
22:24:44.0453 3708 ============================================================
22:24:45.0593 3708 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:24:45.0593 3708 Drive \Device\Harddisk1\DR4 - Size: 0x1F400000 (0.49 Gb), SectorSize: 0x200, Cylinders: 0x3F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:24:45.0593 3708 ============================================================
22:24:45.0593 3708 \Device\Harddisk0\DR0:
22:24:45.0593 3708 MBR partitions:
22:24:45.0593 3708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D4B139
22:24:45.0593 3708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x62408CD
22:24:45.0593 3708 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7F8BA45, BlocksNum 0xAA8D07C
22:24:45.0593 3708 \Device\Harddisk1\DR4:
22:24:45.0593 3708 MBR partitions:
22:24:45.0593 3708 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0xF9FDF
22:24:45.0593 3708 ============================================================
22:24:45.0593 3708 C: <-> \Device\Harddisk0\DR0\Partition0
22:24:45.0656 3708 F: <-> \Device\Harddisk0\DR0\Partition2
22:24:45.0687 3708 D: <-> \Device\Harddisk0\DR0\Partition1
22:24:45.0687 3708 ============================================================
22:24:45.0687 3708 Initialize success
22:24:45.0687 3708 ============================================================
22:26:16.0468 2232 ============================================================
22:26:16.0468 2232 Scan started
22:26:16.0468 2232 Mode: Manual; SigCheck; TDLFS;
22:26:16.0468 2232 ============================================================
22:26:16.0781 2232 3xHybrid (1ea2cd0426ab053df019cdcff97a5cd8) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
22:26:17.0109 2232 3xHybrid - ok
22:26:17.0125 2232 a016mdm (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\wlsetupsvc.dll
22:26:17.0187 2232 a016mdm ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:17.0187 2232 a016mdm - detected Backdoor.Multi.ZAccess.gen (0)
22:26:17.0203 2232 Abiosdsk - ok
22:26:17.0218 2232 abp480n5 - ok
22:26:17.0234 2232 acdservice (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\wcontrol.dll
22:26:17.0234 2232 acdservice ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:17.0234 2232 acdservice - detected Backdoor.Multi.ZAccess.gen (0)
22:26:17.0281 2232 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:26:17.0812 2232 ACPI - ok
22:26:17.0843 2232 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:26:18.0000 2232 ACPIEC - ok
22:26:18.0031 2232 AdfuUd (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\se2End5.dll
22:26:18.0031 2232 AdfuUd ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:18.0031 2232 AdfuUd - detected Backdoor.Multi.ZAccess.gen (0)
22:26:18.0046 2232 adpu160m - ok
22:26:18.0062 2232 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:26:18.0156 2232 aec - ok
22:26:18.0187 2232 AFD (925051fe24b4af88dfa97493be10e107) C:\WINDOWS\System32\drivers\afd.sys
22:26:18.0187 2232 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 925051fe24b4af88dfa97493be10e107, Fake md5: 322d0e36693d6e24a2398bee62a268cd
22:26:18.0187 2232 AFD ( Virus.Win32.ZAccess.g ) - infected
22:26:18.0187 2232 AFD - detected Virus.Win32.ZAccess.g (0)
22:26:18.0218 2232 agentsrv (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\elotouchscreen.dll
22:26:18.0218 2232 agentsrv ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:18.0218 2232 agentsrv - detected Backdoor.Multi.ZAccess.gen (0)
22:26:18.0234 2232 Aha154x - ok
22:26:18.0234 2232 aic78u2 - ok
22:26:18.0250 2232 aic78xx - ok
22:26:18.0296 2232 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
22:26:18.0375 2232 ALCXSENS - ok
22:26:18.0406 2232 ALCXWDM (9a6a99f0d75b457e3a2267776ebe9f47) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
22:26:18.0468 2232 ALCXWDM - ok
22:26:18.0500 2232 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
22:26:18.0593 2232 Alerter - ok
22:26:18.0609 2232 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
22:26:18.0718 2232 ALG - ok
22:26:18.0734 2232 AliIde - ok
22:26:18.0750 2232 AmdK8 (23622661f5a52f34c4129611ca68b398) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
22:26:18.0781 2232 AmdK8 - ok
22:26:18.0796 2232 amsint - ok
22:26:18.0796 2232 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
22:26:19.0000 2232 androidusb - ok
22:26:19.0078 2232 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) D:\Programme\Avira\AntiVir Desktop\sched.exe
22:26:19.0093 2232 AntiVirSchedulerService - ok
22:26:19.0125 2232 AntiVirService (df5a3016052755c910a206058b4a1729) D:\Programme\Avira\AntiVir Desktop\avguard.exe
22:26:19.0140 2232 AntiVirService - ok
22:26:19.0171 2232 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
22:26:19.0281 2232 AppMgmt - ok
22:26:19.0312 2232 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:26:19.0406 2232 Arp1394 - ok
22:26:19.0421 2232 asc - ok
22:26:19.0421 2232 asc3350p - ok
22:26:19.0437 2232 asc3550 - ok
22:26:19.0468 2232 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
22:26:19.0484 2232 AsIO - ok
22:26:19.0500 2232 aslm75 (71356a1370739e25375a1d17b6ae318f) C:\WINDOWS\system32\drivers\aslm75.sys
22:26:19.0500 2232 aslm75 ( UnsignedFile.Multi.Generic ) - warning
22:26:19.0500 2232 aslm75 - detected UnsignedFile.Multi.Generic (1)
22:26:19.0578 2232 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:26:19.0609 2232 aspnet_state - ok
22:26:19.0625 2232 astcc (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\rupsmon.dll
22:26:19.0625 2232 astcc ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:19.0625 2232 astcc - detected Backdoor.Multi.ZAccess.gen (0)
22:26:19.0656 2232 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:26:19.0750 2232 AsyncMac - ok
22:26:19.0765 2232 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:26:19.0859 2232 atapi - ok
22:26:19.0875 2232 Atdisk - ok
22:26:19.0937 2232 Ati HotKey Poller (28c15e1d8f39f40e69d8b1feedb9161d) C:\WINDOWS\system32\Ati2evxx.exe
22:26:19.0984 2232 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
22:26:19.0984 2232 Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)
22:26:20.0031 2232 ATI Smart (960f36a5382db8b7a95f9ccfeebff761) C:\WINDOWS\system32\ati2sgag.exe
22:26:20.0062 2232 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
22:26:20.0062 2232 ATI Smart - detected UnsignedFile.Multi.Generic (1)
22:26:20.0531 2232 ati2mtag (756a1320c96d2b4e74d22423959af431) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:26:20.0781 2232 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
22:26:20.0781 2232 ati2mtag - detected UnsignedFile.Multi.Generic (1)
22:26:20.0921 2232 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:26:21.0031 2232 Atmarpc - ok
22:26:21.0062 2232 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
22:26:21.0156 2232 AudioSrv - ok
22:26:21.0171 2232 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:26:21.0281 2232 audstub - ok
22:26:21.0296 2232 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Programme\Avira\AntiVir Desktop\avgio.sys
22:26:21.0312 2232 avgio - ok
22:26:21.0328 2232 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:26:21.0343 2232 avgntflt - ok
22:26:21.0375 2232 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:26:21.0375 2232 avipbb - ok
22:26:21.0406 2232 bdfsfltr (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\remoteaccess.dll
22:26:21.0406 2232 bdfsfltr ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:21.0406 2232 bdfsfltr - detected Backdoor.Multi.ZAccess.gen (0)
22:26:21.0437 2232 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:26:21.0562 2232 Beep - ok
22:26:21.0578 2232 besclient (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\messenger.dll
22:26:21.0578 2232 besclient ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:21.0578 2232 besclient - detected Backdoor.Multi.ZAccess.gen (0)
22:26:21.0625 2232 bh611 (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\iwebmsg.dll
22:26:21.0625 2232 bh611 ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:21.0625 2232 bh611 - detected Backdoor.Multi.ZAccess.gen (0)
22:26:21.0671 2232 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
22:26:21.0781 2232 BITS - ok
22:26:21.0796 2232 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
22:26:21.0906 2232 Bridge - ok
22:26:21.0906 2232 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
22:26:22.0000 2232 BridgeMP - ok
22:26:22.0031 2232 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
22:26:22.0125 2232 Browser - ok
22:26:22.0156 2232 bthusb (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\pclepci.dll
22:26:22.0156 2232 bthusb ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:22.0156 2232 bthusb - detected Backdoor.Multi.ZAccess.gen (0)
22:26:22.0187 2232 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
22:26:22.0187 2232 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
22:26:22.0187 2232 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
22:26:22.0218 2232 c-dillasrv (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\SaiNtBus.dll
22:26:22.0218 2232 c-dillasrv ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:22.0218 2232 c-dillasrv - detected Backdoor.Multi.ZAccess.gen (0)
22:26:22.0234 2232 CamAv (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\nbservice.dll
22:26:22.0234 2232 CamAv ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:22.0234 2232 CamAv - detected Backdoor.Multi.ZAccess.gen (0)
22:26:22.0250 2232 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:26:22.0390 2232 cbidf2k - ok
22:26:22.0406 2232 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:26:22.0484 2232 CCDECODE - ok
22:26:22.0500 2232 cd20xrnt - ok
22:26:22.0531 2232 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:26:22.0656 2232 Cdaudio - ok
22:26:22.0671 2232 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:26:22.0765 2232 Cdfs - ok
22:26:22.0781 2232 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:26:22.0875 2232 Cdrom - ok
22:26:22.0890 2232 Changer - ok
22:26:22.0906 2232 cisvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\System32\cisvc.exe
22:26:23.0000 2232 cisvc - ok
22:26:23.0015 2232 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
22:26:23.0109 2232 ClipSrv - ok
22:26:23.0187 2232 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:26:23.0265 2232 clr_optimization_v2.0.50727_32 - ok
22:26:23.0281 2232 CmdIde - ok
22:26:23.0281 2232 COMSysApp - ok
22:26:23.0296 2232 Cpqarray - ok
22:26:23.0359 2232 cpuz - ok
22:26:23.0375 2232 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
22:26:23.0468 2232 CryptSvc - ok
22:26:23.0484 2232 ctusfsyn (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\BcmSqlStartupSvc.dll
22:26:23.0484 2232 ctusfsyn ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:23.0484 2232 ctusfsyn - detected Backdoor.Multi.ZAccess.gen (0)
22:26:23.0515 2232 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
22:26:23.0546 2232 CVirtA - ok
22:26:23.0640 2232 CVPND (66257cb4e4fb69887cddc71663741435) D:\Programme\VPN Client\cvpnd.exe
22:26:23.0718 2232 CVPND - ok
22:26:23.0750 2232 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
22:26:23.0781 2232 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
22:26:23.0781 2232 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
22:26:23.0781 2232 dac2w2k - ok
22:26:23.0796 2232 dac960nt - ok
22:26:23.0828 2232 DCamUSBMke (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\vzfw.dll
22:26:23.0828 2232 DCamUSBMke ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:23.0828 2232 DCamUSBMke - detected Backdoor.Multi.ZAccess.gen (0)
22:26:23.0875 2232 DcomLaunch (e970c2296916bf4a2f958680016fe312) C:\WINDOWS\system32\rpcss.dll
22:26:23.0968 2232 DcomLaunch - ok
22:26:24.0000 2232 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
22:26:24.0093 2232 Dhcp - ok
22:26:24.0109 2232 digisptiservice (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\msmpsvc.dll
22:26:24.0109 2232 digisptiservice ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:24.0109 2232 digisptiservice - detected Backdoor.Multi.ZAccess.gen (0)
22:26:24.0125 2232 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:26:24.0218 2232 Disk - ok
22:26:24.0250 2232 dlartl_n (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\XUIF.dll
22:26:24.0328 2232 dlartl_n ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:24.0328 2232 dlartl_n - detected Backdoor.Multi.ZAccess.gen (0)
22:26:24.0328 2232 dmadmin - ok
22:26:24.0390 2232 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
22:26:24.0531 2232 dmboot - ok
22:26:24.0546 2232 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
22:26:24.0656 2232 dmio - ok
22:26:24.0671 2232 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:26:24.0796 2232 dmload - ok
22:26:24.0812 2232 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
22:26:24.0906 2232 dmserver - ok
22:26:24.0921 2232 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:26:25.0000 2232 DMusic - ok
22:26:25.0015 2232 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
22:26:25.0031 2232 DNE - ok
22:26:25.0062 2232 Dnscache (8c9ed3b2834aae63081ab2da831c6fe9) C:\WINDOWS\System32\dnsrslvr.dll
22:26:25.0156 2232 Dnscache - ok
22:26:25.0171 2232 dnserver32 (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\TcUsb.dll
22:26:25.0187 2232 dnserver32 ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:25.0187 2232 dnserver32 - detected Backdoor.Multi.ZAccess.gen (0)
22:26:25.0218 2232 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
22:26:25.0312 2232 Dot3svc - ok
22:26:25.0312 2232 dpti2o - ok
22:26:25.0312 2232 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:26:25.0421 2232 drmkaud - ok
22:26:25.0437 2232 DS1410D - ok
22:26:25.0468 2232 DSDrvNT (5088d03e627d664a1147e25c79e4bcc5) D:\Installationen\VirtualDubVCR\DSDrvNT.sys
22:26:25.0468 2232 DSDrvNT ( UnsignedFile.Multi.Generic ) - warning
22:26:25.0468 2232 DSDrvNT - detected UnsignedFile.Multi.Generic (1)
22:26:25.0515 2232 dtscsi (6461e57bb51a848aae26f52427b7cf9e) C:\WINDOWS\System32\Drivers\dtscsi.sys
22:26:25.0531 2232 dtscsi - ok
22:26:25.0578 2232 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
22:26:25.0656 2232 EapHost - ok
22:26:25.0671 2232 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
22:26:25.0687 2232 ElbyCDIO - ok
22:26:25.0703 2232 elbydelay (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\BrPar.dll
22:26:25.0703 2232 elbydelay ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:25.0703 2232 elbydelay - detected Backdoor.Multi.ZAccess.gen (0)
22:26:25.0734 2232 enecbpth (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\Si3132.dll
22:26:25.0734 2232 enecbpth ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:25.0734 2232 enecbpth - detected Backdoor.Multi.ZAccess.gen (0)
22:26:25.0750 2232 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
22:26:25.0750 2232 ENTECH ( UnsignedFile.Multi.Generic ) - warning
22:26:25.0750 2232 ENTECH - detected UnsignedFile.Multi.Generic (1)
22:26:25.0781 2232 enxpsvr (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\ups.dll
22:26:25.0781 2232 enxpsvr ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:25.0781 2232 enxpsvr - detected Backdoor.Multi.ZAccess.gen (0)
22:26:25.0796 2232 EPOWER (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\USBCamera.dll
22:26:25.0796 2232 EPOWER ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:25.0796 2232 EPOWER - detected Backdoor.Multi.ZAccess.gen (0)
22:26:25.0812 2232 epsonbidirectionalagent (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\asp.net_2.0.50727.dll
22:26:25.0812 2232 epsonbidirectionalagent ( Backdoor.Multi.ZAccess.gen ) - infected
22:26:25.0812 2232 epsonbidirectionalagent - detected Backdoor.Multi.ZAccess.gen (0)
22:26:25.0843 2232 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
22:26:25.0937 2232 ERSvc - ok
22:26:25.0953 2232 Eventlog (4bb6a83640f1d1792ad21ce767b621c6) C:\WINDOWS\system32\services.exe
22:26:26.0046 2232 Eventlog - ok
22:26:26.0062 2232 EventSystem (0f3edaee1ef97cf3db2be23a7289b78c) C:\WINDOWS\System32\es.dll
22:26:26.0171 2232 EventSystem - ok
22:26:26.0187 2232 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:26:26.0296 2232 Fastfat - ok
22:26:26.0312 2232 fasttx2k (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
22:26:26.0343 2232 fasttx2k - ok
22:26:26.0375 2232 FastUserSwitchingCompatibility (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
22:26:26.0453 2232 FastUserSwitchingCompatibility - ok
22:26:26.0484 2232 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:26:26.0562 2232 Fdc - ok
22:26:26.0578 2232 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
22:26:26.0671 2232 Fips - ok
22:26:26.0796 2232 FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Programme\Common\Database\bin\fbserver.exe
22:26:26.0890 2232 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
22:26:26.0890 2232 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
22:26:26.0968 2232 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:26:27.0000 2232 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:26:27.0000 2232 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:26:27.0125 2232 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:26:27.0203 2232 Flpydisk - ok
22:26:27.0234 2232 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:26:27.0328 2232 FltMgr - ok
22:26:27.0390 2232 FontCache3.0.0.0
(8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 22:26:27.0406 2232 FontCache3.0.0.0 - ok 22:26:27.0421 2232 framework (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\armoucfltr.dll 22:26:27.0421 2232 framework ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:27.0421 2232 framework - detected Backdoor.Multi.ZAccess.gen (0) 22:26:27.0453 2232 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 22:26:27.0578 2232 Fs_Rec - ok 22:26:27.0593 2232 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 22:26:27.0734 2232 Ftdisk - ok 22:26:27.0750 2232 GameConsoleService (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\aic78xx.dll 22:26:27.0750 2232 GameConsoleService ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:27.0750 2232 GameConsoleService - detected Backdoor.Multi.ZAccess.gen (0) 22:26:27.0781 2232 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 22:26:27.0875 2232 Gpc - ok 22:26:27.0890 2232 gs30s (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\UMPass.dll 22:26:27.0906 2232 gs30s ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:27.0906 2232 gs30s - detected Backdoor.Multi.ZAccess.gen (0) 22:26:27.0937 2232 GTF32BUS (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\centennialiptransferagent.dll 22:26:27.0937 2232 GTF32BUS ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:27.0937 2232 GTF32BUS - detected Backdoor.Multi.ZAccess.gen (0) 22:26:27.0953 2232 gupdate - ok 22:26:27.0984 2232 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 22:26:28.0078 2232 helpsvc - ok 22:26:28.0109 2232 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll 22:26:28.0203 2232 HidServ - ok 22:26:28.0218 2232 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 22:26:28.0312 2232 HidUsb - ok 22:26:28.0343 2232 hkmsvc 
(ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 22:26:28.0437 2232 hkmsvc - ok 22:26:28.0437 2232 hpn - ok 22:26:28.0468 2232 HpqKbFiltr (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\FsVga.dll 22:26:28.0468 2232 HpqKbFiltr ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:28.0468 2232 HpqKbFiltr - detected Backdoor.Multi.ZAccess.gen (0) 22:26:28.0484 2232 hpt3xx - ok 22:26:28.0500 2232 hpwirelessmgr (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\SWNC8U51.dll 22:26:28.0500 2232 hpwirelessmgr ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:28.0500 2232 hpwirelessmgr - detected Backdoor.Multi.ZAccess.gen (0) 22:26:28.0531 2232 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 22:26:28.0609 2232 HTTP - ok 22:26:28.0625 2232 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 22:26:28.0718 2232 HTTPFilter - ok 22:26:28.0718 2232 i2omgmt - ok 22:26:28.0734 2232 i2omp - ok 22:26:28.0750 2232 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 22:26:28.0843 2232 i8042prt - ok 22:26:28.0921 2232 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe 22:26:28.0953 2232 IDriverT ( UnsignedFile.Multi.Generic ) - warning 22:26:28.0953 2232 IDriverT - detected UnsignedFile.Multi.Generic (1) 22:26:29.0015 2232 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 22:26:29.0062 2232 idsvc - ok 22:26:29.0093 2232 igateway (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\logmein.dll 22:26:29.0093 2232 igateway ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:29.0093 2232 igateway - detected Backdoor.Multi.ZAccess.gen (0) 22:26:29.0125 2232 imap4d32 (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\vwkernel.dll 22:26:29.0125 2232 imap4d32 ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:29.0125 2232 imap4d32 - detected 
Backdoor.Multi.ZAccess.gen (0) 22:26:29.0140 2232 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 22:26:29.0234 2232 Imapi - ok 22:26:29.0265 2232 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\System32\imapi.exe 22:26:29.0359 2232 ImapiService - ok 22:26:29.0375 2232 incdrec (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\netdevio.dll 22:26:29.0375 2232 incdrec ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:29.0375 2232 incdrec - detected Backdoor.Multi.ZAccess.gen (0) 22:26:29.0390 2232 ini910u - ok 22:26:29.0406 2232 IntelIde - ok 22:26:29.0437 2232 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 22:26:29.0515 2232 ip6fw - ok 22:26:29.0531 2232 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 22:26:29.0656 2232 IpFilterDriver - ok 22:26:29.0671 2232 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 22:26:29.0750 2232 IpInIp - ok 22:26:29.0781 2232 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 22:26:29.0875 2232 IpNat - ok 22:26:29.0890 2232 ipodsrv (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\emclisrv.dll 22:26:29.0890 2232 ipodsrv ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:29.0890 2232 ipodsrv - detected Backdoor.Multi.ZAccess.gen (0) 22:26:29.0906 2232 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 22:26:30.0000 2232 IPSec - ok 22:26:30.0015 2232 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 22:26:30.0093 2232 IRENUM - ok 22:26:30.0109 2232 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 22:26:30.0187 2232 isapnp - ok 22:26:30.0265 2232 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) D:\Programme\Java\bin\jqs.exe 22:26:30.0281 2232 JavaQuickStarterService - ok 22:26:30.0328 2232 Kbdclass (1704d8c4c8807b889e43c649b478a452) 
C:\WINDOWS\system32\DRIVERS\kbdclass.sys 22:26:30.0406 2232 Kbdclass - ok 22:26:30.0437 2232 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 22:26:30.0515 2232 kbdhid - ok 22:26:30.0531 2232 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 22:26:30.0625 2232 kmixer - ok 22:26:30.0640 2232 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 22:26:30.0718 2232 KSecDD - ok 22:26:30.0750 2232 lanmanserver (d6eb4916b203cbe525f8eff5fd5ab16c) C:\WINDOWS\System32\srvsvc.dll 22:26:30.0843 2232 lanmanserver - ok 22:26:30.0859 2232 lanmanworkstation (c0db1e9367681ecd7ecca9615c1d0f9b) C:\WINDOWS\System32\wkssvc.dll 22:26:30.0968 2232 lanmanworkstation - ok 22:26:30.0968 2232 lbrtfdc - ok 22:26:31.0000 2232 livesrv (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\lvselsus.dll 22:26:31.0000 2232 livesrv ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:31.0000 2232 livesrv - detected Backdoor.Multi.ZAccess.gen (0) 22:26:31.0031 2232 lktimesync (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\mcrdsvc.dll 22:26:31.0031 2232 lktimesync ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:31.0031 2232 lktimesync - detected Backdoor.Multi.ZAccess.gen (0) 22:26:31.0062 2232 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 22:26:31.0140 2232 LmHosts - ok 22:26:31.0156 2232 lvselsus (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\AtlsAud.dll 22:26:31.0156 2232 lvselsus ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:31.0156 2232 lvselsus - detected Backdoor.Multi.ZAccess.gen (0) 22:26:31.0187 2232 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 22:26:31.0187 2232 MBAMProtector - ok 22:26:31.0265 2232 MBAMService (de199f3aa9c541a349af95a5c72a71af) D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 22:26:31.0281 2232 MBAMService - ok 22:26:31.0281 2232 MBAMSwissArmy - ok 22:26:31.0312 2232 mdc8021x 
(2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\system32\irmon.dll 22:26:31.0406 2232 mdc8021x - ok 22:26:31.0406 2232 merakcontrol - ok 22:26:31.0453 2232 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 22:26:31.0531 2232 Messenger - ok 22:26:31.0546 2232 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 22:26:31.0671 2232 mnmdd - ok 22:26:31.0703 2232 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe 22:26:31.0781 2232 mnmsrvc - ok 22:26:31.0812 2232 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 22:26:31.0890 2232 Modem - ok 22:26:31.0906 2232 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 22:26:31.0984 2232 Mouclass - ok 22:26:32.0015 2232 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 22:26:32.0140 2232 mouhid - ok 22:26:32.0156 2232 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 22:26:32.0250 2232 MountMgr - ok 22:26:32.0250 2232 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys 22:26:32.0343 2232 MPE - ok 22:26:32.0343 2232 mpservice - ok 22:26:32.0359 2232 mraid35x - ok 22:26:32.0375 2232 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 22:26:32.0468 2232 MRxDAV - ok 22:26:32.0515 2232 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 22:26:32.0625 2232 MRxSmb - ok 22:26:32.0640 2232 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe 22:26:32.0718 2232 MSDTC - ok 22:26:32.0734 2232 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 22:26:32.0812 2232 Msfs - ok 22:26:32.0812 2232 MSIServer - ok 22:26:32.0843 2232 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 22:26:32.0953 2232 MSKSSRV - ok 22:26:32.0953 2232 msloop - ok 22:26:32.0968 2232 MSPCLOCK 
(325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 22:26:33.0062 2232 MSPCLOCK - ok 22:26:33.0062 2232 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 22:26:33.0156 2232 MSPQM - ok 22:26:33.0187 2232 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 22:26:33.0265 2232 mssmbios - ok 22:26:33.0281 2232 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 22:26:33.0359 2232 MSTEE - ok 22:26:33.0375 2232 MSW_USB - ok 22:26:33.0390 2232 MTDVC2 - ok 22:26:33.0406 2232 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 22:26:33.0484 2232 Mup - ok 22:26:33.0500 2232 mvdcodec (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\dm1service.dll 22:26:33.0500 2232 mvdcodec ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:33.0500 2232 mvdcodec - detected Backdoor.Multi.ZAccess.gen (0) 22:26:33.0515 2232 MXOPSWD - ok 22:26:33.0546 2232 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 22:26:33.0640 2232 NABTSFEC - ok 22:26:33.0671 2232 nalntservice (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\Ndisipo.dll 22:26:33.0671 2232 nalntservice ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:33.0671 2232 nalntservice - detected Backdoor.Multi.ZAccess.gen (0) 22:26:33.0703 2232 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 22:26:33.0796 2232 napagent - ok 22:26:33.0812 2232 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 22:26:33.0921 2232 NDIS - ok 22:26:33.0937 2232 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 22:26:34.0031 2232 NdisIP - ok 22:26:34.0046 2232 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 22:26:34.0125 2232 NdisTapi - ok 22:26:34.0140 2232 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 22:26:34.0234 2232 Ndisuio - ok 
22:26:34.0250 2232 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 22:26:34.0328 2232 NdisWan - ok 22:26:34.0343 2232 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 22:26:34.0437 2232 NDProxy - ok 22:26:34.0453 2232 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 22:26:34.0562 2232 NetBIOS - ok 22:26:34.0578 2232 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 22:26:34.0687 2232 NetBT - ok 22:26:34.0750 2232 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 22:26:34.0859 2232 NetDDE - ok 22:26:34.0859 2232 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 22:26:34.0953 2232 NetDDEdsdm - ok 22:26:34.0953 2232 NETFWDSL - ok 22:26:34.0984 2232 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe 22:26:35.0078 2232 Netlogon - ok 22:26:35.0109 2232 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 22:26:35.0203 2232 Netman - ok 22:26:35.0218 2232 netmnt (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\vmware.dll 22:26:35.0218 2232 netmnt ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:35.0218 2232 netmnt - detected Backdoor.Multi.ZAccess.gen (0) 22:26:35.0296 2232 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:26:35.0296 2232 NetTcpPortSharing - ok 22:26:35.0312 2232 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 22:26:35.0406 2232 NIC1394 - ok 22:26:35.0437 2232 NICSer_WPC54G (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\eeyeevnt.dll 22:26:35.0437 2232 NICSer_WPC54G ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:35.0437 2232 NICSer_WPC54G - detected Backdoor.Multi.ZAccess.gen (0) 22:26:35.0453 2232 NinjaUSB (16220ba146234625b50c055f413edf03) C:\WINDOWS\system32\drivers\NinjaUSB.sys 22:26:35.0468 
2232 NinjaUSB ( UnsignedFile.Multi.Generic ) - warning 22:26:35.0468 2232 NinjaUSB - detected UnsignedFile.Multi.Generic (1) 22:26:35.0500 2232 Nla (f12b9d9a069331877d006cc81b4735f9) C:\WINDOWS\System32\mswsock.dll 22:26:35.0593 2232 Nla - ok 22:26:35.0625 2232 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 22:26:35.0718 2232 Npfs - ok 22:26:35.0765 2232 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 22:26:35.0875 2232 Ntfs - ok 22:26:35.0906 2232 ntgrip (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\utilman.dll 22:26:35.0906 2232 ntgrip ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:35.0906 2232 ntgrip - detected Backdoor.Multi.ZAccess.gen (0) 22:26:35.0906 2232 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe 22:26:35.0984 2232 NtLmSsp - ok 22:26:36.0015 2232 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 22:26:36.0140 2232 NtmsSvc - ok 22:26:36.0171 2232 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 22:26:36.0281 2232 Null - ok 22:26:36.0312 2232 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 22:26:36.0421 2232 NwlnkFlt - ok 22:26:36.0421 2232 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 22:26:36.0515 2232 NwlnkFwd - ok 22:26:36.0625 2232 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 22:26:36.0671 2232 odserv - ok 22:26:36.0687 2232 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 22:26:36.0765 2232 ohci1394 - ok 22:26:36.0796 2232 ONSIO (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\bb-run.dll 22:26:36.0796 2232 ONSIO ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:36.0796 2232 ONSIO - detected Backdoor.Multi.ZAccess.gen (0) 22:26:36.0812 2232 oracleorahometnslistener (b89cfbe8cb247b57d8c10adaa66b462b) 
C:\WINDOWS\system32\stcagent.dll 22:26:36.0812 2232 oracleorahometnslistener ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:36.0812 2232 oracleorahometnslistener - detected Backdoor.Multi.ZAccess.gen (0) 22:26:36.0859 2232 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 22:26:36.0890 2232 ose - ok 22:26:36.0906 2232 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 22:26:37.0015 2232 Parport - ok 22:26:37.0015 2232 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 22:26:37.0109 2232 PartMgr - ok 22:26:37.0125 2232 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 22:26:37.0234 2232 ParVdm - ok 22:26:37.0250 2232 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 22:26:37.0343 2232 PCI - ok 22:26:37.0343 2232 PCIDump - ok 22:26:37.0343 2232 PCIIde - ok 22:26:37.0375 2232 PCLEPCI (ab1b09736d26e0dadddaae41b2745c57) C:\WINDOWS\system32\Drivers\PCLEPCI.SYS 22:26:37.0390 2232 PCLEPCI ( UnsignedFile.Multi.Generic ) - warning 22:26:37.0390 2232 PCLEPCI - detected UnsignedFile.Multi.Generic (1) 22:26:37.0406 2232 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 22:26:37.0500 2232 Pcmcia - ok 22:26:37.0515 2232 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys 22:26:37.0531 2232 pcouffin ( UnsignedFile.Multi.Generic ) - warning 22:26:37.0531 2232 pcouffin - detected UnsignedFile.Multi.Generic (1) 22:26:37.0546 2232 pctvvbi (eb7de8f91803f267e899f87197731664) C:\WINDOWS\system32\DRIVERS\pctvvbi.sys 22:26:37.0578 2232 pctvvbi - ok 22:26:37.0578 2232 PDCOMP - ok 22:26:37.0593 2232 PDFRAME - ok 22:26:37.0609 2232 pdlncbas (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\tnbrlds.dll 22:26:37.0609 2232 pdlncbas ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:37.0609 2232 pdlncbas - detected Backdoor.Multi.ZAccess.gen (0) 
22:26:37.0625 2232 PDRELI - ok 22:26:37.0625 2232 PDRFRAME - ok 22:26:37.0656 2232 pensup (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\se26unic.dll 22:26:37.0656 2232 pensup ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:37.0656 2232 pensup - detected Backdoor.Multi.ZAccess.gen (0) 22:26:37.0671 2232 perc2 - ok 22:26:37.0671 2232 perc2hib - ok 22:26:37.0718 2232 personalsecuredriveservice (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\null.dll 22:26:37.0718 2232 personalsecuredriveservice ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:37.0718 2232 personalsecuredriveservice - detected Backdoor.Multi.ZAccess.gen (0) 22:26:37.0734 2232 Pfc (f2b3785d7282bac66d4b644fc88749f0) C:\WINDOWS\system32\drivers\pfc.sys 22:26:37.0750 2232 Pfc ( UnsignedFile.Multi.Generic ) - warning 22:26:37.0750 2232 Pfc - detected UnsignedFile.Multi.Generic (1) 22:26:37.0750 2232 phc600 - ok 22:26:37.0765 2232 picturetaker (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\akshasp.dll 22:26:37.0765 2232 picturetaker ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:37.0765 2232 picturetaker - detected Backdoor.Multi.ZAccess.gen (0) 22:26:37.0796 2232 PlugPlay (4bb6a83640f1d1792ad21ce767b621c6) C:\WINDOWS\system32\services.exe 22:26:37.0890 2232 PlugPlay - ok 22:26:37.0906 2232 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe 22:26:37.0984 2232 PolicyAgent - ok 22:26:38.0000 2232 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 22:26:38.0093 2232 PptpMiniport - ok 22:26:38.0125 2232 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 22:26:38.0203 2232 Processor - ok 22:26:38.0218 2232 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 22:26:38.0296 2232 ProtectedStorage - ok 22:26:38.0312 2232 proxyserverservice (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\ONSIO.dll 22:26:38.0328 2232 proxyserverservice ( Backdoor.Multi.ZAccess.gen 
) - infected 22:26:38.0328 2232 proxyserverservice - detected Backdoor.Multi.ZAccess.gen (0) 22:26:38.0328 2232 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 22:26:38.0437 2232 PSched - ok 22:26:38.0453 2232 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 22:26:38.0562 2232 Ptilink - ok 22:26:38.0593 2232 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 22:26:38.0609 2232 PxHelp20 - ok 22:26:38.0609 2232 ql1080 - ok 22:26:38.0609 2232 Ql10wnt - ok 22:26:38.0625 2232 ql12160 - ok 22:26:38.0625 2232 ql1240 - ok 22:26:38.0640 2232 ql1280 - ok 22:26:38.0656 2232 rapapp - ok 22:26:38.0671 2232 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 22:26:38.0765 2232 RasAcd - ok 22:26:38.0796 2232 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 22:26:38.0875 2232 RasAuto - ok 22:26:38.0906 2232 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 22:26:39.0000 2232 Rasl2tp - ok 22:26:39.0046 2232 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 22:26:39.0125 2232 RasMan - ok 22:26:39.0125 2232 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 22:26:39.0234 2232 RasPppoe - ok 22:26:39.0234 2232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 22:26:39.0328 2232 Raspti - ok 22:26:39.0359 2232 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 22:26:39.0453 2232 Rdbss - ok 22:26:39.0468 2232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 22:26:39.0562 2232 RDPCDD - ok 22:26:39.0593 2232 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 22:26:39.0687 2232 rdpdr - ok 22:26:39.0718 2232 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 22:26:39.0796 2232 RDPWD - ok 22:26:39.0812 2232 
RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 22:26:39.0937 2232 RDSessMgr - ok 22:26:39.0968 2232 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 22:26:40.0062 2232 redbook - ok 22:26:40.0078 2232 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 22:26:40.0171 2232 RemoteAccess - ok 22:26:40.0187 2232 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll 22:26:40.0265 2232 RemoteRegistry - ok 22:26:40.0281 2232 rimmptsk - ok 22:26:40.0312 2232 rimsptsk (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\InterBaseServer.dll 22:26:40.0312 2232 rimsptsk ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:40.0312 2232 rimsptsk - detected Backdoor.Multi.ZAccess.gen (0) 22:26:40.0343 2232 roxupnpserver (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\pptchpad.dll 22:26:40.0343 2232 roxupnpserver ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:40.0343 2232 roxupnpserver - detected Backdoor.Multi.ZAccess.gen (0) 22:26:40.0359 2232 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe 22:26:40.0453 2232 RpcLocator - ok 22:26:40.0500 2232 RpcSs (e970c2296916bf4a2f958680016fe312) C:\WINDOWS\system32\rpcss.dll 22:26:40.0593 2232 RpcSs - ok 22:26:41.0062 2232 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe 22:26:41.0156 2232 RSVP - ok 22:26:41.0187 2232 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 22:26:41.0265 2232 rtl8139 - ok 22:26:41.0296 2232 rupsd (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\wencrservice.dll 22:26:41.0296 2232 rupsd ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:41.0296 2232 rupsd - detected Backdoor.Multi.ZAccess.gen (0) 22:26:41.0328 2232 s716obex (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\snapman.dll 22:26:41.0328 2232 s716obex ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:41.0328 2232 s716obex - detected 
Backdoor.Multi.ZAccess.gen (0) 22:26:41.0359 2232 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 22:26:41.0437 2232 SamSs - ok 22:26:41.0468 2232 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 22:26:41.0562 2232 SCardSvr - ok 22:26:41.0578 2232 ScFBPNT2 (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\ohci1394.dll 22:26:41.0593 2232 ScFBPNT2 ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:41.0593 2232 ScFBPNT2 - detected Backdoor.Multi.ZAccess.gen (0) 22:26:41.0609 2232 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 22:26:41.0718 2232 Schedule - ok 22:26:41.0750 2232 se2Cnd5 (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\navex15.dll 22:26:41.0750 2232 se2Cnd5 ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:41.0750 2232 se2Cnd5 - detected Backdoor.Multi.ZAccess.gen (0) 22:26:41.0765 2232 se45mgmt (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\mcdbus.dll 22:26:41.0765 2232 se45mgmt ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:41.0765 2232 se45mgmt - detected Backdoor.Multi.ZAccess.gen (0) 22:26:41.0781 2232 se45unic (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\opcenum.dll 22:26:41.0781 2232 se45unic ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:41.0781 2232 se45unic - detected Backdoor.Multi.ZAccess.gen (0) 22:26:41.0796 2232 se59nd5 (b89cfbe8cb247b57d8c10adaa66b462b) C:\WINDOWS\system32\carboniteservice.dll 22:26:41.0796 2232 se59nd5 ( Backdoor.Multi.ZAccess.gen ) - infected 22:26:41.0796 2232 se59nd5 - detected Backdoor.Multi.ZAccess.gen (0) 22:26:41.0812 2232 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 22:26:41.0906 2232 Secdrv - ok 22:26:41.0921 2232 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 22:26:42.0000 2232 seclogon - ok 22:26:42.0015 2232 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 22:26:42.0109 2232 SENS - ok 22:26:42.0140 2232 Sentinel 
What else can I do next? Edited by schwonz (31.05.2012 at 19:34) |
31.05.2012, 19:46 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan - Admin user account, Win XP You haven't uploaded the MovedFiles to the upload channel yet. Or were there problems with that?
__________________ Please always post log files in CODE tags |
31.05.2012, 20:39 | #6 |
| GVU Trojan - Admin user account, Win XP Sorry, forgot earlier because I thought WinXP wouldn't boot at all. It just took 5 minutes again... The file is now uploaded to the UploadChannel! |
31.05.2012, 21:08 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan - Admin user account, Win XP Now please routinely run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked! Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
31.05.2012, 21:50 | #8 |
| GVU Trojan - Admin user account, Win XP Unfortunately the Malwarebytes update doesn't work. The last update was on 04.04.2012. I'm running the full scan anyway and will post the results. Is there otherwise a way to download the current Malwarebytes virus database from a trustworthy site via another PC? I found something on Google, but a 7 MB .exe file doesn't seem particularly trustworthy to me... Here's the Malwarebytes (without update) log for now: Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows XP Service Pack 3 x86 FAT
Internet Explorer 8.0.6001.18702
Administrator :: PC [Administrator]

Schutz: Aktiviert

01.06.2012 00:48:14
mbam-log-2012-06-01 (01-40-06).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395844
Laufzeit: 51 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 18
C:\WINDOWS\system32\mcdbus.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\opcenum.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\apfiltrservice.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\ntsyslog.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\cwcspud.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\rdpcdd.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\xnacc.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\enum1394.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.
D:\Installationen\Nero\Vista\Ahead.Nero.v7.5.9.0\keygen.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
F:\S.T.A.L.K.E.R. - Shadow of Chernobyl\trainer.exe (Trojan.Downloader) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\appconf32.exe (Trojan.Banker) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\AcroIEHelpe.txt (Malware.Trace) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\ups.dll (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt.
C:\WINDOWS\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt.

(Ende)
I no longer have an internet connection on this computer. That's why I couldn't download any updates for Malwarebytes either. In the bottom right of the taskbar the icon for "Acquiring network address" is now permanently shown. So I can't reach any address in Internet Explorer either, and therefore can't run the ESET test... What can I do? Edited by schwonz (31.05.2012 at 22:49) |
01.06.2012, 11:46 | #9 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan - Admin user account, Win XP Quote:
Quote:
See also => http://www.trojaner-board.de/95393-c...-software.html If we find indications of illegally obtained software, we will end support without any discussion. Cracks/keygens are 99.9% dangerous malware that you should not play around with. Besides, they are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone! In future, keep your hands off: Softonic, registry cleaners and illegal stuff: cracks/keygens/serials
01.06.2012, 14:51 | #10 |
| GVU Trojan - Admin user account, Win XP OK, that sounded like a damning verdict: "the system is done for". I wasn't aware that I had a keygen on board, but that's what happens when you let a friend install software for you. Anyway, Cosinus, thanks a lot for the effort up to this point! You guys are great! |
01.06.2012, 15:02 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan - Admin user account, Win XP Well, done for, for example because of => C:\WINDOWS\system32\mcdbus.dll (Rootkit.0Access) 0Access is not to be trifled with, and whether Windows itself still runs flawlessly after a successful cleanup is the next question Quote:
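As an added example (not code from the board or from either poster), the triage the helper does by eye in post #11 written out as a small Python script over the Malwarebytes log format posted in post #8: it parses each finding line, buckets the detection family, counts entries still marked "Keine Aktion durchgeführt.", and returns "reinstall" when a rootkit family sits under system32. The sample input is an excerpt of that log; the severity buckets and the decision rule are my own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the Malwarebytes log posted above, embedded here as constructed
# sample input for this example (the complete log is in the thread).
SAMPLE_LOG = r"""
Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Dateien: 18
C:\WINDOWS\system32\mcdbus.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\opcenum.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.
D:\Installationen\Nero\Vista\Ahead.Nero.v7.5.9.0\keygen.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\WINDOWS\system32\appconf32.exe (Trojan.Banker) -> Keine Aktion durchgeführt.
C:\WINDOWS\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt.
(Ende)
"""

# A finding line has the shape "<object> (<family>) -> [<verdict> -> ]<action>".
# Header lines, counters, "(Ende)" and "(Keine bösartigen Objekte gefunden)" do not match.
FINDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
NO_ACTION = "Keine Aktion durchgeführt."   # MBAM (German build): "no action taken"


@dataclass
class Finding:
    obj: str      # file path or registry key/value
    family: str   # MBAM detection family, e.g. Rootkit.0Access
    action: str   # last "->" segment of the line

    @property
    def severity(self) -> str:
        # Assumed buckets for this example, not MBAM's own classification.
        if self.family.startswith("Rootkit."):
            return "critical"      # system-level persistence (ZeroAccess in this thread)
        if self.family.startswith("PUM.Disabled.SecurityCenter"):
            return "tampering"     # security-centre notifications switched off
        if self.family.startswith("RiskWare."):
            return "riskware"      # keygen/crack: the likely infection vector
        return "malware"

    @property
    def in_system_dir(self) -> bool:
        return self.obj.lower().startswith(r"c:\windows\system32")


def parse_findings(log_text: str) -> list[Finding]:
    """Extract every detection line from an MBAM log; everything else is skipped."""
    findings = []
    for line in log_text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        action = m.group("rest").split("->")[-1].strip()
        findings.append(Finding(m.group("obj"), m.group("family"), action))
    return findings


def triage(log_text: str) -> dict:
    """Summarise a log and apply the helper's rule: rootkit under system32 means reinstall."""
    findings = parse_findings(log_text)
    by_severity = Counter(f.severity for f in findings)
    unremediated = sum(1 for f in findings if f.action == NO_ACTION)
    sys_rootkits = [f.obj for f in findings if f.severity == "critical" and f.in_system_dir]
    if sys_rootkits:
        advice = "reinstall"          # the system can no longer be trusted
    elif by_severity["tampering"] or by_severity["malware"] or by_severity["critical"]:
        advice = "clean-and-rescan"   # remove findings, update, scan again
    else:
        advice = "ok"
    return {
        "findings": len(findings),
        "by_severity": dict(by_severity),
        "unremediated": unremediated,
        "system_rootkits": sys_rootkits,
        "advice": advice,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```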