
infected with TDSS 565, TR/Sirefef.BV.2 & ping.exe slowing pc down


This topic is locked. 88 replies to this topic

#1 virustroubles

  • Members
  • 45 posts

Posted 19 March 2012 - 03:47 PM

Hello!

Yesterday I noticed my computer slowing down a lot (suddenly). ping.exe kept trying to connect to various sites. Sometimes there were several instances of ping.exe running (at one time around 10). I did a virus scan with Avira Antivir Personal. It kept finding TR/Sirefef.BV.2 and other viruses. When I clicked 'remove', they would just reappear a while later in another file, usually within WINDOWS\system32. Last location:
C:\WINDOWS\system32\SiRemFil.dll : 'TR/Sirefef.BV.2'

Various files kept trying to connect to cryptic looking (lots of numbers/letters) web addresses. The last one I wrote down (partially):
C:\WINDOWS\Temp\lsogkq\setup.exe is trying to connect XXXX using remote port 53

I tried using TDSSKiller. It found 1 virus, 2 suspicious locked files, then cured the 1 file. After a restart it would find another virus in another file.

The same happened with DrWeb Cureit: It kept finding two files (TDSS.565) and would remove them only for them to reappear.

My browsers seem to work fine, although I have had the odd pop-up in Firefox 9.0.1, but only twice, so it did not seem suspicious to me. When I connect to the internet, the network connection symbol in the task bar takes forever to display connected. It's supposedly trying to get an IP address. (I have a static IP address assigned to this computer (within my LAN) for port forwarding). The connection works right away, though.


In the installed programs part of the attach.txt I saw a 'Sony USB driver', but I don't have any Sony products connected to this computer. Another thing I noticed is that I had disabled two files with CCleaner from my startup, namely 'qttask.exe' (Quicktime Task) and 'reader_sl.exe' (Adobe Reader Speed Launcher). They have somehow been re-enabled and load at each system start.

I use a German Windows XP installation.

Gemeinsame Dateien = Shared Files
Dokumente und Einstellungen = Documents and Settings
Programme = Program files
Update für = Update for
Das System kann die angegebene Datei nicht finden. = The system cannot find the specified file.
Standardlaufwerke = standard drive

I hope I didn't overlook any other German word.

I edited one thing in the DDS log and the ark.txt: 'Run by' had my real name in it (should probably change that), so I replaced it with an X, and I did the same within the ark.txt with my computer name. I hope that's ok.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by X at 17:20:50 on 2012-03-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1383 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sygate Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Sygate\smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\PeerBlock\peerblock.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\TEMP\lsogkq\setup.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\programme\orbitdownloader\orbitcth.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\programme\techsmith\snagit 9\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\programme\techsmith\snagit 9\SnagItIEAddin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\programme\orbitdownloader\GrabPro.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [PeerBlock] c:\programme\peerblock\peerblock.exe
mRun: [Dit] Dit.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [SmcService] c:\progra~1\sygate\smc.exe -startgui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: ForceCopyAclwithFile = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Download by Orbit - c:\programme\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programme\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programme\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programme\orbitdownloader\orbitmxt.dll/202
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\programme\pdfill\DownloadPDF.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: kuaiche.com\software
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{3449B354-63D2-474A-82E9-7EB70C34FB18} : NameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: rkpoirk - c:\dokumente und einstellungen\networkservice\lokale einstellungen\anwendungsdaten\rkpoirk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\programme\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\xxx\anwendungsdaten\mozilla\firefox\profiles\lw59laj5.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\programme\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\programme\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\programme\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\programme\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\programme\opera\program\plugins\nporbit.dll
FF - plugin: c:\programme\opera\program\plugins\nppl3260.dll
FF - plugin: c:\programme\opera\program\plugins\nprpjplug.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2011-5-30 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\avira\antivir desktop\sched.exe [2011-5-30 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2011-5-30 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-16 66616]
R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2011-6-2 82816]
R3 pbfilter;pbfilter;c:\programme\peerblock\pbfilter.sys [2010-7-4 19056]
R3 SbieDrv;SbieDrv;c:\programme\sandboxie\SbieDrv.sys [2011-8-27 129808]
S2 avgarcln;Kl1;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-4-16 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-4-16 3072]
S3 imvad_multi;NETGEAR NeoTV Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2010-4-30 22600]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\programme\msi - live update 5\msibios32_100507.sys [2011-5-29 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\programme\msi - live update 5\NTIOLib.sys [2011-5-29 7680]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [2009-4-16 24704]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\drivers\protowall.sys --> c:\windows\system32\drivers\ProtoWall.sys [?]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\programme\gemeinsame dateien\surething shared\stllssvr.exe [2010-2-1 74392]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-12-15 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 vsdatant;vsdatant; [x]
.
=============== Created Last 30 ================
.
2012-03-19 14:44:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-18 16:00:05 -------- d-----w- c:\windows\system32\QuickTime
2012-03-18 15:58:19 -------- d-----w- c:\programme\gemeinsame dateien\TechSmith Shared
2012-03-18 15:58:12 -------- d-----w- c:\programme\Camtasia Studio 7
2012-03-18 15:54:51 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-18 15:41:30 -------- d-----w- c:\windows\DE042823C3594B87B66B308057E8B6AF.TMP
2012-03-18 15:32:02 3982240 ----a-w- c:\windows\system32\Flash10d.ocx
2012-03-17 22:09:42 -------- d-----w- c:\programme\WinHTTrack
2012-02-25 01:25:16 -------- d-----w- c:\programme\StreamTransport
2012-02-21 20:41:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
==================== Find3M ====================
.
2012-03-19 15:10:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-19 14:45:43 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-21 20:40:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:57:08 1860224 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:33 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:20 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
1999-10-30 20:54:32 561152 ----a-w- c:\programme\Convert.exe
.
============= FINISH: 17:21:38.23 ===============


In the attach.txt file it says to attach the file only when requested and then only as a .zip. In the Preparation Guide that I followed it asks to attach it as .txt, so I hope I didn't attach the wrong one.

I have two questions: There are several external drives connected to this computer. Could they be infected as well? Can I use them to backup data?

I really appreciate your help. Thank you, guys (and girls)! :)


Edited by Queen-Evie, 24 March 2012 - 09:52 PM.
real name deleted at the request of the poster
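A small triage script for DDS output like the log above, added here as an example (it is not code from the original post, from DDS or from BleepingComputer): it splits the log into its `=====` sections and flags the entries a helper reads first, i.e. processes running from a temp directory, autostart or Notify components loaded from a user profile, trusted-zone entries and hosts-file overrides. The excerpt it runs on is constructed from a few lines of the posted log, and the rule names are my own.

```python
import re

# Constructed excerpt of the DDS log posted above (German XP path names kept as-is).
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\TEMP\lsogkq\setup.exe
.
============== Pseudo HJT Report ===============
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
Trusted Zone: kuaiche.com\software
Notify: rkpoirk - c:\dokumente und einstellungen\networkservice\lokale einstellungen\anwendungsdaten\rkpoirk.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2011-5-30 11608]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# first drive-letter path ending in a binary extension; quotes and [] delimit it
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]+?\.(?:dll|exe|sys)\b', re.IGNORECASE)

TEMP_DIRS = ("\\temp\\", "\\tmp\\")
# per-user profile roots, English and German XP names
PROFILE_DIRS = ("\\documents and settings\\", "\\dokumente und einstellungen\\", "\\users\\")
# DDS prefixes for things that load at logon (user/machine/default Run keys, Winlogon Notify, SSODL)
AUTOSTART_PREFIXES = ("urun:", "mrun:", "drun:", "notify:", "ssodl:")


def parse_sections(text):
    """Split a DDS log into {section name: [non-empty lines]}; '.' separator lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (rule, log line) pairs worth a human look. These are heuristics, not verdicts."""
    sections = parse_sections(text)
    findings = []
    for line in sections.get("Running Processes", []):
        if any(d in line.lower() for d in TEMP_DIRS):
            findings.append(("process running from a temp directory", line))
    for line in sections.get("Pseudo HJT Report", []):
        low = line.lower()
        if low.startswith(AUTOSTART_PREFIXES):
            m = PATH_RE.search(line)
            if m and any(p in m.group(0).lower() for p in PROFILE_DIRS):
                findings.append(("autostart component loaded from a user profile", line))
        elif low.startswith("trusted zone:"):
            findings.append(("IE trusted-zone entry to review", line))
        elif low.startswith("hosts:"):
            findings.append(("hosts-file override", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_DDS):
        print(f"[{rule}] {line}")
```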


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 22 March 2012 - 06:38 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 virustroubles

  • Topic Starter
  • Members
  • 45 posts

Posted 23 March 2012 - 02:39 PM

Hello m0le and thank you for helping me!

I've already subscribed to the topic and I also check here daily.

In the meantime I possibly made things worse:

1) I installed MSN messenger. After that I now have Google redirects as well.

2) I also had a weird incident with a program I had recently installed (a couple of days before the time I assume the infection had started): I used Camtasia Studio 7 30-day-trial version and when it was done saving a file it didn't start up the usual main program screen. I assumed it had crashed, but instead the whole program had disappeared from my start menu. When I checked with the Explorer the program's folders were nearly empty except for a few files. After a restart the folders are now completely empty. So far I haven't noticed any other software or files disappearing.

3) I had one very fast Windows restart all by itself that I cannot explain.

4) Lastly I also let Windows Update (or what looked like it) update (3 updates, 2 supposed fixes against DLL planting) and the result is that my monitor turns black as soon as the desktop should appear. The pc still seems to run fine, but I can't see anything. When I start the computer in safe mode, the monitor works normally. There is one restore point available that might be this update.

5) Besides ping.exe there is now also winlogon.exe trying to connect to places. I disallowed it. Is this the reason my computer can't seem to be assigned an IP address by my router?

6) Can I infect my other computer that is connected to the same router? I make sure not to have both connected at the same time, but is that enough?

7) After reading through the forum about rootkit infections I am seriously considering just formatting and reinstalling everything. What I don't understand is how I can safely backup data without reinfecting my system afterwards. I have quite a few external HDDs connected to the infected computers that might have been running at some point. Wouldn't I have to clean everything first, so I could backup data to these discs?

I assume you want new logs after this mess, but I won't touch anything now without being instructed to do so. I'm very sorry if I have made your work harder. I feel very dumb. :mellow:

PS: I wasn't sure if I'd bump the topic by editing it, that's why I didn't add to my original post earlier. I'm trying to be as detailed as possible. If I go into too much detail, please let me know.

Edited by virustroubles, 23 March 2012 - 02:49 PM.


#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 23 March 2012 - 05:16 PM

This looks like ZeroAccess, a rootkit which is connected to TDSS, ping.exe and sirefef.

Please run aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 virustroubles

  • Topic Starter
  • Members
  • 45 posts

Posted 24 March 2012 - 11:22 AM

1) In the meantime my monitor started working again, after turning itself off after two start-ups in a row.

2) I got a new virus find by Avira: "TR/Drop.Sirefef.B.244"

3) I get pop-ups now in Firefox to sites selling counterfeit merchandise.

4) Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-24 17:16:35
-----------------------------
17:16:35.921 OS Version: Windows 5.1.2600 Service Pack 3
17:16:35.968 Number of processors: 1 586 0x207
17:16:35.968 ComputerName: X UserName:
17:17:09.734 Initialize success
17:17:48.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:17:48.578 Disk 0 Vendor: ST3160021A 3.04 Size: 152616MB BusType: 3
17:17:48.656 Disk 0 MBR read successfully
17:17:48.703 Disk 0 MBR scan
17:17:48.703 Disk 0 Windows XP default MBR code
17:17:48.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 40005 MB offset 63
17:17:48.703 Disk 0 Partition - 00 0F Extended LBA 112604 MB offset 81931500
17:17:48.765 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 112604 MB offset 81931563
17:17:48.828 Disk 0 scanning sectors +312544575
17:17:49.171 Disk 0 scanning C:\WINDOWS\system32\drivers
17:18:44.343 File: C:\WINDOWS\system32\drivers\ipsec.sys **SUSPICIOUS**
17:19:43.343 Disk 0 trace - called modules:
17:19:43.453 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb1c07fc0]<<
17:19:43.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6d1ab8]
17:19:43.921 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x89b45310]
17:19:43.937 \Driver\00003176[0x89b06bc0] -> IRP_MJ_CREATE -> 0xb1c07fc0
17:19:43.937 Scan finished successfully
17:20:08.750 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\X\Desktop\MBR.dat"
17:20:08.843 The log file has been saved successfully to "C:\Dokumente und Einstellungen\X\Desktop\aswMBR.txt"

5) I have a question: What should I do about Avira? It keeps popping up finding malware. Just ignore it for now?

Edited by virustroubles, 24 March 2012 - 11:26 AM.


#6 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 25 March 2012 - 04:31 PM

That's the rootkit evidence, so we need to go into a different operating system boot to check which type we have here.

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download dumpit to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

m0le is a proud member of UNITE

#7 virustroubles

  • Topic Starter
  • Members
  • 45 posts

Posted 25 March 2012 - 07:31 PM

So far I can't get this to work. I tried hitting F12 repeatedly but it would just start up the regular windows installation. I pulled the USB quickly in hopes it would not get infected. Then I figured out I had to change the boot order in my BIOS setup. After doing that I get "disk boot failure. Please insert system disk and hit Enter." When I hit a key, nothing happens. I will now reformat my USB flash drive and try this again.

Edit: It doesn't work. I can't get past the disk boot failure.

It's an 8 GB flash drive. Could that be the problem? I could buy a new one tomorrow. Or could this be done any other way?

Edit2: I found an old 128 MB flash drive and tried again. Nothing. I tried all available USB ports on my computer and both flash drives. I only get "Disk boot failure. Please insert system disk and hit Enter."

Edited by virustroubles, 25 March 2012 - 08:10 PM.


#8 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 25 March 2012 - 07:59 PM

Try this with a flashdrive and a CD

If this fails we do have another option.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download dumpit to your USB
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

m0le is a proud member of UNITE

#9 virustroubles

  • Topic Starter
  • Members
  • 45 posts

Posted 25 March 2012 - 08:41 PM

I used PLOP Bootmanager booted from CD to then boot from the flash drive. It worked. :)

[I had done this and was trying to edit my last post when your post appeared. If you'd rather I do this the way you described, I'll gladly do it.]

Edit: F12 doesn't seem to do anything on the sick computer, only works on this (clean) computer. :blink:

Attached File: mbr.zip (2.21KB)

Edited by virustroubles, 26 March 2012 - 02:32 AM.


#10 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 26 March 2012 - 07:03 AM

Fortunately the MBR file shows no infection so we can now attempt some alternatives which are a little easier.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE
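What a helper actually checks in the MBR dump requested above (the 512-byte sector inside mbr.zip, or the MBR.dat that aswMBR saved): the 0x55AA signature, the four partition entries, and the boot-code bytes, which are hashed so they can be compared with a known-good dump of the same OS. This is an added example, not m0le's, aswMBR's or xPUD's code; the sample image it builds is constructed, with a zero-filled boot-code area and a partition table that reproduces the start LBAs and sector counts in the aswMBR and TDSSKiller output above.

```python
import hashlib
import struct

# Partition type bytes a helper meets most often on a Windows XP era disk.
PARTITION_TYPES = {
    0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


def build_sample_mbr():
    """Constructed 512-byte MBR image. The partition table reproduces the values in the
    aswMBR/TDSSKiller logs above (partition 1 at LBA 63 with 0x4E22CAD sectors, extended
    container at 81931500); the 446-byte boot-code area is zero-filled here as a
    placeholder, it is NOT the real Windows XP MBR code."""
    entries = [
        (0x80, 0x07, 63, 81931437),         # partition 1: active NTFS
        (0x00, 0x0F, 81931500, 230613075),  # extended container holding partition 2
        (0x00, 0x00, 0, 0),
        (0x00, 0x00, 0, 0),
    ]
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries)
    return bytes(446) + table + b"\x55\xAA"


def parse_mbr(data):
    """Decode the boot signature, a hash of the boot code and the four partition entries."""
    if len(data) < 512:
        raise ValueError("an MBR image is at least 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, data, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * 512 // (1024 * 1024),  # truncated, as aswMBR prints it
        })
    return {
        "signature_ok": data[510:512] == b"\x55\xAA",
        # 440 code bytes precede the disk signature; compare with a clean dump of the same OS
        "boot_code_sha256": hashlib.sha256(data[:440]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(info):
    """Plain sanity checks on a parsed MBR; each string is something to look at, not a verdict."""
    warnings = []
    if not info["signature_ok"]:
        warnings.append("missing 0x55AA boot signature")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        warnings.append("more than one partition flagged active")
    for p in info["partitions"]:
        if p["type_name"] == "unknown":
            warnings.append(f"partition {p['index']} has unrecognised type 0x{p['type']:02X}")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_start"] + a["sectors"]:
            warnings.append(f"partitions {a['index']} and {b['index']} overlap")
    return warnings


def describe(info):
    """One line per partition, in the style of the aswMBR log above."""
    lines = []
    for p in info["partitions"]:
        flag = "80 (A)" if p["bootable"] else "00"
        lines.append(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
                     f"{p['size_mb']} MB offset {p['lba_start']}")
    return lines


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("signature ok:", info["signature_ok"], "boot code sha256:", info["boot_code_sha256"])
    print("\n".join(describe(info)))
    print("warnings:", check_mbr(info) or "none")
```

To inspect a real dump, read the first 512 bytes of the extracted file with `open(path, "rb").read(512)` and pass them to `parse_mbr`.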

#11 virustroubles

  • Topic Starter
  • Members
  • 45 posts

Posted 26 March 2012 - 10:23 AM

TDSSKiller found 41 threats (40 Backdoor.Multi.ZAccess.gen). The Backdoor.Multi.ZAccess.gen can only be skipped, deleted or quarantined, not cured. What should I do?

Edit: I selected 'skip' (except for the 1 curable), so I could provide you with the log (from the desktop, there were only two old logs at C:\):

17:17:14.0078 0228 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
17:17:16.0078 0228 ============================================================
17:17:16.0078 0228 Current date / time: 2012/03/26 17:17:16.0078
17:17:16.0078 0228 SystemInfo:
17:17:16.0078 0228
17:17:16.0078 0228 OS Version: 5.1.2600 ServicePack: 3.0
17:17:16.0078 0228 Product type: Workstation
17:17:16.0078 0228 ComputerName: X
17:17:16.0078 0228 UserName: XXX
17:17:16.0078 0228 Windows directory: C:\WINDOWS
17:17:16.0078 0228 System windows directory: C:\WINDOWS
17:17:16.0093 0228 Processor architecture: Intel x86
17:17:16.0093 0228 Number of processors: 1
17:17:16.0093 0228 Page size: 0x1000
17:17:16.0093 0228 Boot type: Normal boot
17:17:16.0093 0228 ============================================================
17:17:19.0531 0228 Drive \Device\Harddisk0\DR0 - Size: 0x2542880200 (149.04 Gb), SectorSize: 0x200, Cylinders: 0x4BFF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:17:19.0546 0228 \Device\Harddisk0\DR0:
17:17:19.0546 0228 MBR used
17:17:19.0546 0228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E22CAD
17:17:19.0562 0228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4E22D2B, BlocksNum 0xDBEE014
17:17:19.0843 0228 Initialize success
17:17:19.0843 0228 ============================================================
17:17:39.0593 3748 ============================================================
17:17:39.0593 3748 Scan started
17:17:39.0593 3748 Mode: Manual;
17:17:39.0593 3748 ============================================================
17:17:41.0390 3748 Abiosdsk - ok
17:17:41.0781 3748 abp480n5 - ok
17:17:42.0468 3748 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:17:42.0468 3748 ACPI - ok
17:17:43.0000 3748 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:17:43.0078 3748 ACPIEC - ok
17:17:43.0640 3748 adpu160m - ok
17:17:44.0250 3748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:17:45.0046 3748 aec - ok
17:17:45.0625 3748 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:17:45.0625 3748 AFD - ok
17:17:46.0031 3748 Aha154x - ok
17:17:46.0281 3748 aic78u2 - ok
17:17:46.0546 3748 aic78xx - ok
17:17:48.0796 3748 ALCXWDM (17eb1ca007f0e3c6a1cbb205ab93e193) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:17:50.0765 3748 ALCXWDM - ok
17:17:51.0265 3748 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
17:17:51.0281 3748 Alerter - ok
17:17:51.0609 3748 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
17:17:51.0609 3748 ALG - ok
17:17:51.0906 3748 AliIde - ok
17:17:52.0390 3748 amfilter (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\navapsvc.dll
17:17:52.0875 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\navapsvc.dll. md5: 11028c6a84a967070cb1286550f2058f
17:17:52.0875 3748 amfilter ( Backdoor.Multi.ZAccess.gen ) - infected
17:17:52.0875 3748 amfilter - detected Backdoor.Multi.ZAccess.gen (0)
17:17:53.0171 3748 amsint - ok
17:17:53.0656 3748 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
17:17:53.0671 3748 AntiVirSchedulerService - ok
17:17:53.0968 3748 AntiVirService (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:17:53.0984 3748 AntiVirService - ok
17:17:54.0500 3748 AnyDVD (4b55e7593d9c9acf5e2511f840edcf98) C:\WINDOWS\system32\Drivers\AnyDVD.sys
17:17:54.0515 3748 AnyDVD - ok
17:17:54.0796 3748 AppMgmt - ok
17:17:55.0171 3748 aracpi (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\viaide.dll
17:17:55.0250 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\viaide.dll. md5: 11028c6a84a967070cb1286550f2058f
17:17:55.0250 3748 aracpi ( Backdoor.Multi.ZAccess.gen ) - infected
17:17:55.0250 3748 aracpi - detected Backdoor.Multi.ZAccess.gen (0)
17:17:55.0718 3748 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:17:55.0765 3748 Arp1394 - ok
17:17:56.0046 3748 asc - ok
17:17:56.0312 3748 asc3350p - ok
17:17:56.0734 3748 asc3550 - ok
17:17:57.0046 3748 ASNDIS5 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\tfsndres.dll
17:17:57.0046 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\tfsndres.dll. md5: 11028c6a84a967070cb1286550f2058f
17:17:57.0046 3748 ASNDIS5 ( Backdoor.Multi.ZAccess.gen ) - infected
17:17:57.0046 3748 ASNDIS5 - detected Backdoor.Multi.ZAccess.gen (0)
17:17:57.0265 3748 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:17:57.0390 3748 aspnet_state - ok
17:17:57.0875 3748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:17:57.0968 3748 AsyncMac - ok
17:17:58.0296 3748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:17:58.0296 3748 atapi - ok
17:17:58.0703 3748 Atdisk - ok
17:17:59.0000 3748 atimtag (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\revudfservice.dll
17:17:59.0000 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\revudfservice.dll. md5: 11028c6a84a967070cb1286550f2058f
17:17:59.0000 3748 atimtag ( Backdoor.Multi.ZAccess.gen ) - infected
17:17:59.0000 3748 atimtag - detected Backdoor.Multi.ZAccess.gen (0)
17:18:00.0593 3748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:18:00.0625 3748 Atmarpc - ok
17:18:01.0140 3748 ATMsg (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\Sunkfiltp.dll
17:18:01.0140 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\Sunkfiltp.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:01.0140 3748 ATMsg ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:01.0140 3748 ATMsg - detected Backdoor.Multi.ZAccess.gen (0)
17:18:01.0453 3748 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
17:18:01.0453 3748 AudioSrv - ok
17:18:01.0781 3748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:18:01.0781 3748 audstub - ok
17:18:02.0234 3748 automate6 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\Mtlstrm.dll
17:18:02.0250 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\Mtlstrm.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:02.0250 3748 automate6 ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:02.0250 3748 automate6 - detected Backdoor.Multi.ZAccess.gen (0)
17:18:02.0531 3748 AVerBDA (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\umpusbxp.dll
17:18:02.0546 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\umpusbxp.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:02.0546 3748 AVerBDA ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:02.0546 3748 AVerBDA - detected Backdoor.Multi.ZAccess.gen (0)
17:18:02.0687 3748 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
17:18:02.0687 3748 avgio - ok
17:18:03.0265 3748 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:18:03.0281 3748 avgntflt - ok
17:18:03.0625 3748 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:18:03.0640 3748 avipbb - ok
17:18:04.0078 3748 Bcim - ok
17:18:04.0406 3748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:18:04.0437 3748 Beep - ok
17:18:04.0890 3748 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\System32\qmgr.dll
17:18:05.0171 3748 BITS - ok
17:18:05.0500 3748 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
17:18:05.0500 3748 Browser - ok
17:18:05.0781 3748 BsHelpCS (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\btwmodem.dll
17:18:05.0781 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\btwmodem.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:05.0781 3748 BsHelpCS ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:05.0781 3748 BsHelpCS - detected Backdoor.Multi.ZAccess.gen (0)
17:18:06.0078 3748 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17:18:06.0109 3748 BthEnum - ok
17:18:06.0609 3748 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
17:18:06.0640 3748 BTHMODEM - ok
17:18:06.0984 3748 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
17:18:07.0046 3748 BthPan - ok
17:18:07.0671 3748 BTHPORT (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
17:18:07.0703 3748 BTHPORT - ok
17:18:08.0000 3748 BthServ (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
17:18:08.0000 3748 BthServ - ok
17:18:08.0515 3748 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
17:18:08.0531 3748 BTHUSB - ok
17:18:08.0812 3748 btwavdt (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\VRADFIL.dll
17:18:08.0828 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\VRADFIL.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:08.0828 3748 btwavdt ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:08.0828 3748 btwavdt - detected Backdoor.Multi.ZAccess.gen (0)
17:18:09.0250 3748 Cap7134 (fdfe848c821f0666c4507a11717146c2) C:\WINDOWS\system32\DRIVERS\Cap7134.sys
17:18:09.0578 3748 Cap7134 - ok
17:18:10.0062 3748 Cardex (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\oraclexeclragent.dll
17:18:10.0078 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\oraclexeclragent.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:10.0078 3748 Cardex ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:10.0078 3748 Cardex - detected Backdoor.Multi.ZAccess.gen (0)
17:18:10.0375 3748 cbidf (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\lxcg_device.dll
17:18:10.0406 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\lxcg_device.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:10.0406 3748 cbidf ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:10.0406 3748 cbidf - detected Backdoor.Multi.ZAccess.gen (0)
17:18:11.0015 3748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:18:11.0031 3748 cbidf2k - ok
17:18:11.0343 3748 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:18:11.0359 3748 CCDECODE - ok
17:18:11.0765 3748 cd20xrnt - ok
17:18:12.0109 3748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:18:12.0125 3748 Cdaudio - ok
17:18:12.0468 3748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:18:12.0500 3748 Cdfs - ok
17:18:12.0953 3748 cdr4_2k (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\advantage.dll
17:18:12.0953 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\advantage.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:12.0953 3748 cdr4_2k ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:12.0953 3748 cdr4_2k - detected Backdoor.Multi.ZAccess.gen (0)
17:18:13.0375 3748 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:18:13.0421 3748 Cdrom - ok
17:18:13.0734 3748 Changer - ok
17:18:14.0156 3748 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
17:18:14.0171 3748 CiSvc - ok
17:18:14.0484 3748 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
17:18:14.0531 3748 ClipSrv - ok
17:18:14.0750 3748 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:18:14.0906 3748 clr_optimization_v2.0.50727_32 - ok
17:18:15.0359 3748 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:18:15.0421 3748 clr_optimization_v4.0.30319_32 - ok
17:18:15.0687 3748 CmdIde - ok
17:18:15.0906 3748 COMSysApp - ok
17:18:16.0546 3748 Cpqarray - ok
17:18:16.0875 3748 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
17:18:16.0890 3748 CryptSvc - ok
17:18:17.0390 3748 ctaud2k (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\usr11g.dll
17:18:17.0406 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\usr11g.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:17.0406 3748 ctaud2k ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:17.0406 3748 ctaud2k - detected Backdoor.Multi.ZAccess.gen (0)
17:18:17.0718 3748 CTEDSPIO.DLL (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\coste.dll
17:18:17.0796 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\coste.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:17.0796 3748 CTEDSPIO.DLL ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:17.0796 3748 CTEDSPIO.DLL - detected Backdoor.Multi.ZAccess.gen (0)
17:18:18.0062 3748 dac2w2k - ok
17:18:18.0500 3748 dac960nt - ok
17:18:19.0062 3748 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:18:19.0062 3748 DcomLaunch - ok
17:18:19.0640 3748 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
17:18:19.0640 3748 Dhcp - ok
17:18:20.0093 3748 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:18:20.0140 3748 Disk - ok
17:18:20.0578 3748 dladresm (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\vc5secs.dll
17:18:20.0625 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\vc5secs.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:20.0625 3748 dladresm ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:20.0625 3748 dladresm - detected Backdoor.Multi.ZAccess.gen (0)
17:18:20.0859 3748 dmadmin - ok
17:18:21.0593 3748 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:18:21.0937 3748 dmboot - ok
17:18:22.0312 3748 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:18:22.0421 3748 dmio - ok
17:18:22.0921 3748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:18:22.0937 3748 dmload - ok
17:18:23.0203 3748 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
17:18:23.0218 3748 dmserver - ok
17:18:23.0531 3748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:18:23.0703 3748 DMusic - ok
17:18:24.0000 3748 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
17:18:24.0015 3748 Dnscache - ok
17:18:24.0312 3748 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
17:18:24.0390 3748 Dot3svc - ok
17:18:24.0656 3748 downloadmanagerlite (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cdr4_xp.dll
17:18:24.0671 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\cdr4_xp.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:24.0671 3748 downloadmanagerlite ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:24.0671 3748 downloadmanagerlite - detected Backdoor.Multi.ZAccess.gen (0)
17:18:25.0109 3748 dpti2o - ok
17:18:25.0406 3748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:18:25.0406 3748 drmkaud - ok
17:18:25.0953 3748 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
17:18:26.0062 3748 dtscsi - ok
17:18:26.0406 3748 dvdfab (ed641965e808496610f065559e564289) C:\WINDOWS\system32\drivers\dvdfab.sys
17:18:26.0421 3748 dvdfab - ok
17:18:26.0671 3748 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
17:18:26.0703 3748 EapHost - ok
17:18:27.0218 3748 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
17:18:27.0265 3748 ElbyCDIO - ok
17:18:27.0562 3748 elnkupdateservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\sit_flt.dll
17:18:27.0562 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\sit_flt.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:27.0562 3748 elnkupdateservice ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:27.0562 3748 elnkupdateservice - detected Backdoor.Multi.ZAccess.gen (0)
17:18:27.0875 3748 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys
17:18:27.0890 3748 epmntdrv - ok
17:18:28.0343 3748 EpmShd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\astcc.dll
17:18:28.0343 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\astcc.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:28.0343 3748 EpmShd ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:28.0343 3748 EpmShd - detected Backdoor.Multi.ZAccess.gen (0)
17:18:28.0625 3748 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
17:18:28.0625 3748 ERSvc - ok
17:18:28.0890 3748 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\WINDOWS\system32\EuGdiDrv.sys
17:18:28.0906 3748 EuGdiDrv - ok
17:18:29.0359 3748 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:18:29.0359 3748 Eventlog - ok
17:18:29.0765 3748 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
17:18:29.0796 3748 EventSystem - ok
17:18:30.0203 3748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:18:30.0453 3748 Fastfat - ok
17:18:30.0781 3748 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:18:30.0781 3748 FastUserSwitchingCompatibility - ok
17:18:31.0078 3748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:18:31.0093 3748 Fdc - ok
17:18:31.0515 3748 filechecker (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\VirtualCam.dll
17:18:31.0531 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\VirtualCam.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:31.0531 3748 filechecker ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:31.0531 3748 filechecker - detected Backdoor.Multi.ZAccess.gen (0)
17:18:31.0875 3748 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:18:31.0890 3748 Fips - ok
17:18:32.0203 3748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:18:32.0218 3748 Flpydisk - ok
17:18:32.0796 3748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:18:32.0890 3748 FltMgr - ok
17:18:33.0093 3748 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:18:33.0125 3748 FontCache3.0.0.0 - ok
17:18:33.0406 3748 fsbwsys (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\gearsecurity.dll
17:18:33.0406 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\gearsecurity.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:33.0406 3748 fsbwsys ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:33.0406 3748 fsbwsys - detected Backdoor.Multi.ZAccess.gen (0)
17:18:33.0875 3748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:18:33.0890 3748 Fs_Rec - ok
17:18:34.0265 3748 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:18:34.0343 3748 Ftdisk - ok
17:18:34.0781 3748 FVXSCSI (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ATWPKT2.dll
17:18:34.0796 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\ATWPKT2.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:34.0796 3748 FVXSCSI ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:34.0796 3748 FVXSCSI - detected Backdoor.Multi.ZAccess.gen (0)
17:18:35.0125 3748 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
17:18:35.0156 3748 gagp30kx - ok
17:18:35.0515 3748 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:18:35.0531 3748 gameenum - ok
17:18:36.0046 3748 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:18:36.0062 3748 GEARAspiWDM - ok
17:18:36.0375 3748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:18:36.0390 3748 Gpc - ok
17:18:36.0640 3748 GTSCSER - ok
17:18:36.0937 3748 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:18:36.0937 3748 helpsvc - ok
17:18:37.0250 3748 HidBth (a5aecf10be62459533a06ed7ebf5770b) C:\WINDOWS\system32\DRIVERS\hidbth.sys
17:18:37.0265 3748 HidBth - ok
17:18:37.0500 3748 HidServ - ok
17:18:37.0765 3748 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:18:37.0781 3748 hidusb - ok
17:18:38.0281 3748 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
17:18:38.0312 3748 hkmsvc - ok
17:18:38.0609 3748 hpn - ok
17:18:39.0125 3748 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:18:39.0140 3748 HTTP - ok
17:18:39.0406 3748 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
17:18:39.0421 3748 HTTPFilter - ok
17:18:39.0703 3748 i2omgmt - ok
17:18:40.0093 3748 i2omp - ok
17:18:40.0421 3748 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:18:40.0437 3748 i8042prt - ok
17:18:40.0718 3748 iAimTV6 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\inetaccs.dll
17:18:40.0718 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\inetaccs.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:40.0718 3748 iAimTV6 ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:40.0718 3748 iAimTV6 - detected Backdoor.Multi.ZAccess.gen (0)
17:18:41.0000 3748 idechndr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\HECI.dll
17:18:41.0000 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\HECI.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:41.0000 3748 idechndr ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:41.0000 3748 idechndr - detected Backdoor.Multi.ZAccess.gen (0)
17:18:41.0781 3748 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:18:42.0562 3748 idsvc - ok
17:18:42.0890 3748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:18:42.0921 3748 Imapi - ok
17:18:43.0421 3748 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\System32\imapi.exe
17:18:43.0484 3748 ImapiService - ok
17:18:43.0796 3748 imvad_multi (e2a0918f66c96e66efbf2feaa41ecb9b) C:\WINDOWS\system32\drivers\imvad.sys
17:18:43.0812 3748 imvad_multi - ok
17:18:44.0093 3748 ini910u - ok
17:18:44.0531 3748 IntelIde - ok
17:18:44.0812 3748 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:18:44.0828 3748 intelppm - ok
17:18:45.0531 3748 Intels51 (cb5c2935491f0f998f1b62bffa258464) C:\WINDOWS\system32\DRIVERS\ctxs51.sys
17:18:45.0812 3748 Intels51 - ok
17:18:46.0125 3748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:18:46.0140 3748 Ip6Fw - ok
17:18:46.0625 3748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:18:46.0687 3748 IpFilterDriver - ok
17:18:47.0000 3748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:18:47.0015 3748 IpInIp - ok
17:18:47.0375 3748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:18:47.0375 3748 IpNat - ok
17:18:47.0890 3748 iPod Service (f055c1760abfa52b159985e551ea0edc) C:\Programme\iPod\bin\iPodService.exe
17:18:48.0187 3748 iPod Service - ok
17:18:48.0531 3748 IPSec (19dd19fb992d6bf67811913b6feae577) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:18:48.0531 3748 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 19dd19fb992d6bf67811913b6feae577, Fake md5: 23c74d75e36e7158768dd63d92789a91
17:18:48.0531 3748 IPSec ( Virus.Win32.ZAccess.c ) - infected
17:18:48.0531 3748 IPSec - detected Virus.Win32.ZAccess.c (0)
17:18:49.0031 3748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:18:49.0046 3748 IRENUM - ok
17:18:49.0406 3748 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:18:49.0421 3748 isapnp - ok
17:18:49.0671 3748 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
17:18:49.0671 3748 JavaQuickStarterService - ok
17:18:50.0171 3748 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:18:50.0187 3748 Kbdclass - ok
17:18:50.0484 3748 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:18:50.0500 3748 kbdhid - ok
17:18:51.0031 3748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:18:51.0171 3748 kmixer - ok
17:18:51.0484 3748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:18:51.0500 3748 KSecDD - ok
17:18:51.0921 3748 LanmanServer (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
17:18:51.0937 3748 LanmanServer - ok
17:18:52.0265 3748 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
17:18:52.0265 3748 lanmanworkstation - ok
17:18:52.0546 3748 lbrtfdc - ok
17:18:52.0812 3748 LCcfltr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\MTDVC2_ENUM.dll
17:18:52.0812 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\MTDVC2_ENUM.dll. md5: 11028c6a84a967070cb1286550f2058f
17:18:52.0812 3748 LCcfltr ( Backdoor.Multi.ZAccess.gen ) - infected
17:18:52.0812 3748 LCcfltr - detected Backdoor.Multi.ZAccess.gen (0)
17:18:53.0312 3748 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
17:18:53.0312 3748 LmHosts - ok
17:18:53.0593 3748 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
17:18:53.0609 3748 Messenger - ok
17:18:53.0906 3748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:18:53.0906 3748 mnmdd - ok
17:18:54.0375 3748 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
17:18:54.0437 3748 mnmsrvc - ok
17:18:54.0812 3748 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:18:54.0843 3748 Modem - ok
17:18:55.0328 3748 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:18:55.0343 3748 Mouclass - ok
17:18:55.0656 3748 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:18:55.0656 3748 mouhid - ok
17:18:55.0984 3748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:18:56.0000 3748 MountMgr - ok
17:18:56.0421 3748 mraid35x - ok
17:18:56.0828 3748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:18:56.0921 3748 MRxDAV - ok
17:18:57.0375 3748 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:18:57.0546 3748 MRxSmb - ok
17:18:57.0859 3748 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
17:18:57.0875 3748 MSDTC - ok
17:18:58.0234 3748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:18:58.0250 3748 Msfs - ok
17:18:58.0625 3748 MSIServer - ok
17:18:58.0750 3748 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Programme\MSI - Live Update 5\msibios32_100507.sys
17:18:58.0781 3748 MSI_MSIBIOS_010507 - ok
17:18:59.0125 3748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:18:59.0140 3748 MSKSSRV - ok
17:18:59.0453 3748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:18:59.0468 3748 MSPCLOCK - ok
17:18:59.0953 3748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:18:59.0953 3748 MSPQM - ok
17:19:00.0281 3748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:19:00.0281 3748 mssmbios - ok
17:19:00.0578 3748 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:19:00.0593 3748 MSTEE - ok
17:19:01.0125 3748 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
17:19:01.0140 3748 ms_mpu401 - ok
17:19:01.0468 3748 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:19:01.0468 3748 Mup - ok
17:19:01.0734 3748 MXOPSWD (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SRS_SSCFilter.dll
17:19:01.0750 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\SRS_SSCFilter.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:01.0750 3748 MXOPSWD ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:01.0750 3748 MXOPSWD - detected Backdoor.Multi.ZAccess.gen (0)
17:19:02.0359 3748 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:19:02.0406 3748 NABTSFEC - ok
17:19:02.0796 3748 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
17:19:03.0109 3748 napagent - ok
17:19:03.0562 3748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:19:03.0765 3748 NDIS - ok
17:19:04.0234 3748 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:19:04.0250 3748 NdisIP - ok
17:19:04.0625 3748 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:19:04.0625 3748 NdisTapi - ok
17:19:04.0968 3748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:19:04.0984 3748 Ndisuio - ok
17:19:05.0484 3748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:19:05.0531 3748 NdisWan - ok
17:19:05.0843 3748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:19:05.0843 3748 NDProxy - ok
17:19:06.0156 3748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:19:06.0171 3748 NetBIOS - ok
17:19:06.0703 3748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:19:06.0843 3748 NetBT - ok
17:19:07.0156 3748 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:19:07.0203 3748 NetDDE - ok
17:19:07.0265 3748 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:19:07.0265 3748 NetDDEdsdm - ok
17:19:07.0671 3748 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
17:19:07.0671 3748 Netlogon - ok
17:19:08.0015 3748 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
17:19:08.0031 3748 Netman - ok
17:19:08.0281 3748 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:19:08.0343 3748 NetTcpPortSharing - ok
17:19:09.0031 3748 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:19:09.0031 3748 NIC1394 - ok
17:19:09.0390 3748 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
17:19:09.0406 3748 Nla - ok
17:19:09.0843 3748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:19:09.0859 3748 Npfs - ok
17:19:10.0375 3748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:19:10.0781 3748 Ntfs - ok
17:19:10.0890 3748 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Programme\MSI - Live Update 5\NTIOLib.sys
17:19:10.0906 3748 NTIOLib_1_0_4 - ok
17:19:11.0187 3748 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
17:19:11.0187 3748 NtLmSsp - ok
17:19:11.0625 3748 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
17:19:12.0031 3748 NtmsSvc - ok
17:19:12.0343 3748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:19:12.0343 3748 Null - ok
17:19:17.0796 3748 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:19:22.0625 3748 nv - ok
17:19:22.0968 3748 nvsvc (a2322c6207ebb0761a6c8cc9003ebacf) C:\WINDOWS\System32\nvsvc32.exe
17:19:23.0125 3748 nvsvc - ok
17:19:23.0484 3748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:19:23.0500 3748 NwlnkFlt - ok
17:19:23.0812 3748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:19:23.0843 3748 NwlnkFwd - ok
17:19:24.0296 3748 O2SCBUS (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\Stltrk2k.dll
17:19:24.0312 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\Stltrk2k.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:24.0312 3748 O2SCBUS ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:24.0312 3748 O2SCBUS - detected Backdoor.Multi.ZAccess.gen (0)
17:19:24.0687 3748 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:19:24.0687 3748 ohci1394 - ok
17:19:25.0046 3748 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
17:19:25.0093 3748 Parport - ok
17:19:25.0562 3748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:19:25.0578 3748 PartMgr - ok
17:19:25.0937 3748 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:19:25.0953 3748 ParVdm - ok
17:19:26.0046 3748 pbfilter (f678cd9e3afcc9264a514b941a85a9d4) C:\Programme\PeerBlock\pbfilter.sys
17:19:26.0062 3748 pbfilter - ok
17:19:26.0562 3748 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:19:26.0625 3748 PCI - ok
17:19:26.0937 3748 PCIDump - ok
17:19:27.0312 3748 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
17:19:27.0328 3748 PCIIde - ok
17:19:27.0859 3748 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:19:27.0921 3748 Pcmcia - ok
17:19:28.0265 3748 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
17:19:28.0296 3748 pcouffin - ok
17:19:28.0734 3748 PDCOMP - ok
17:19:29.0109 3748 PDFRAME - ok
17:19:29.0359 3748 pdlnacom (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\mediamaxxlservice.dll
17:19:29.0375 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\mediamaxxlservice.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:29.0375 3748 pdlnacom ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:29.0375 3748 pdlnacom - detected Backdoor.Multi.ZAccess.gen (0)
17:19:29.0812 3748 PDRELI - ok
17:19:30.0125 3748 PDRFRAME - ok
17:19:30.0437 3748 perc2 - ok
17:19:30.0859 3748 perc2hib - ok
17:19:31.0187 3748 PhTVTune (94e7f6107c70251059ae4d01b1d76124) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
17:19:31.0218 3748 PhTVTune - ok
17:19:31.0609 3748 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:19:31.0609 3748 PlugPlay - ok
17:19:32.0171 3748 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
17:19:32.0187 3748 PolicyAgent - ok
17:19:32.0515 3748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:19:32.0546 3748 PptpMiniport - ok
17:19:33.0093 3748 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
17:19:33.0187 3748 Processor - ok
17:19:33.0515 3748 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:19:33.0515 3748 ProtectedStorage - ok
17:19:33.0812 3748 ProtoWall - ok
17:19:34.0296 3748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:19:34.0328 3748 PSched - ok
17:19:34.0718 3748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:19:34.0734 3748 Ptilink - ok
17:19:35.0281 3748 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
17:19:35.0296 3748 PxHelp20 - ok
17:19:35.0593 3748 qbreminderflash (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ipodservice.dll
17:19:35.0609 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\ipodservice.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:35.0609 3748 qbreminderflash ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:35.0609 3748 qbreminderflash - detected Backdoor.Multi.ZAccess.gen (0)
17:19:35.0890 3748 ql1080 - ok
17:19:36.0312 3748 Ql10wnt - ok
17:19:36.0593 3748 ql12160 - ok
17:19:36.0875 3748 ql1240 - ok
17:19:37.0296 3748 ql1280 - ok
17:19:37.0640 3748 QWAVE (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SQTECH905C.dll
17:19:37.0671 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\SQTECH905C.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:37.0671 3748 QWAVE ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:37.0671 3748 QWAVE - detected Backdoor.Multi.ZAccess.gen (0)
17:19:37.0968 3748 RalinkRegistryWriter (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\compbatt.dll
17:19:37.0984 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\compbatt.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:37.0984 3748 RalinkRegistryWriter ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:37.0984 3748 RalinkRegistryWriter - detected Backdoor.Multi.ZAccess.gen (0)
17:19:38.0562 3748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:19:38.0562 3748 RasAcd - ok
17:19:38.0921 3748 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
17:19:38.0953 3748 RasAuto - ok
17:19:39.0468 3748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:19:39.0500 3748 Rasl2tp - ok
17:19:39.0859 3748 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
17:19:39.0859 3748 RasMan - ok
17:19:40.0234 3748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:19:40.0265 3748 RasPppoe - ok
17:19:41.0062 3748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:19:41.0078 3748 Raspti - ok
17:19:41.0609 3748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:19:41.0703 3748 Rdbss - ok
17:19:42.0046 3748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:19:42.0046 3748 RDPCDD - ok
17:19:42.0453 3748 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:19:42.0453 3748 RDPWD - ok
17:19:43.0000 3748 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
17:19:43.0062 3748 RDSessMgr - ok
17:19:43.0609 3748 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:19:43.0656 3748 redbook - ok
17:19:44.0031 3748 regspy (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\pdlnctdl.dll
17:19:44.0078 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\pdlnctdl.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:44.0078 3748 regspy ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:44.0078 3748 regspy - detected Backdoor.Multi.ZAccess.gen (0)
17:19:44.0390 3748 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
17:19:44.0437 3748 RemoteAccess - ok
17:19:44.0812 3748 retrolauncher (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\elaunidr.dll
17:19:44.0828 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\elaunidr.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:44.0828 3748 retrolauncher ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:44.0828 3748 retrolauncher - detected Backdoor.Multi.ZAccess.gen (0)
17:19:45.0265 3748 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
17:19:45.0296 3748 RFCOMM - ok
17:19:45.0593 3748 rimsptsk (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\BoiHwsetup.dll
17:19:45.0609 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\BoiHwsetup.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:45.0609 3748 rimsptsk ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:45.0609 3748 rimsptsk - detected Backdoor.Multi.ZAccess.gen (0)
17:19:46.0031 3748 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
17:19:46.0078 3748 RpcLocator - ok
17:19:46.0515 3748 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:19:46.0531 3748 RpcSs - ok
17:19:46.0921 3748 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
17:19:46.0984 3748 RSVP - ok
17:19:47.0296 3748 rxmssync (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\wanminiportservice.dll
17:19:47.0343 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\wanminiportservice.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:47.0343 3748 rxmssync ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:47.0343 3748 rxmssync - detected Backdoor.Multi.ZAccess.gen (0)
17:19:47.0718 3748 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:19:47.0718 3748 SamSs - ok
17:19:47.0984 3748 SbieDrv (a4aac62e6c1a5a56ae41b6c0570ab68b) C:\Programme\Sandboxie\SbieDrv.sys
17:19:48.0000 3748 SbieDrv - ok
17:19:48.0109 3748 SbieSvc (9581517ef4b3e6f84b6cfd503a0178c4) C:\Programme\Sandboxie\SbieSvc.exe
17:19:48.0125 3748 SbieSvc - ok
17:19:48.0468 3748 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
17:19:48.0531 3748 SCardSvr - ok
17:19:48.0937 3748 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
17:19:48.0937 3748 Schedule - ok
17:19:49.0281 3748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:19:49.0296 3748 Secdrv - ok
17:19:49.0625 3748 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
17:19:49.0625 3748 seclogon - ok
17:19:49.0984 3748 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
17:19:50.0000 3748 SENS - ok
17:19:50.0421 3748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:19:50.0437 3748 serenum - ok
17:19:50.0859 3748 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
17:19:50.0890 3748 Serial - ok
17:19:51.0296 3748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:19:51.0328 3748 Sfloppy - ok
17:19:51.0812 3748 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
17:19:51.0843 3748 SharedAccess - ok
17:19:52.0187 3748 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:19:52.0203 3748 ShellHWDetection - ok
17:19:52.0468 3748 Simbad - ok
17:19:53.0062 3748 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
17:19:53.0093 3748 SISAGP - ok
17:19:53.0453 3748 SiSide (982fd755516012bfd582ef20c6a123ff) C:\WINDOWS\system32\DRIVERS\siside.sys
17:19:53.0500 3748 SiSide - ok
17:19:53.0859 3748 sisidex (5aed8bf3bf7df795d70146d4af4a2580) C:\WINDOWS\system32\drivers\sisidex.sys
17:19:53.0890 3748 sisidex - ok
17:19:54.0203 3748 SISNICXP (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
17:19:54.0234 3748 SISNICXP - ok
17:19:54.0578 3748 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\WINDOWS\system32\drivers\sisperf.sys
17:19:54.0593 3748 sisperf - ok
17:19:54.0921 3748 slee_81_service (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\drmkaud.dll
17:19:54.0937 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\drmkaud.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:54.0937 3748 slee_81_service ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:54.0937 3748 slee_81_service - detected Backdoor.Multi.ZAccess.gen (0)
17:19:55.0296 3748 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:19:55.0296 3748 SLIP - ok
17:19:56.0484 3748 SmcService (8eca9578bfc7da42d6d24c862224c5db) C:\Programme\Sygate\smc.exe
17:19:56.0500 3748 SmcService - ok
17:19:56.0796 3748 Sparrow - ok
17:19:57.0156 3748 spcsutilityservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\netcfgsvr.dll
17:19:57.0187 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\netcfgsvr.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:57.0187 3748 spcsutilityservice ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:57.0187 3748 spcsutilityservice - detected Backdoor.Multi.ZAccess.gen (0)
17:19:57.0562 3748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:19:57.0593 3748 splitter - ok
17:19:57.0859 3748 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:19:57.0859 3748 Spooler - ok
17:19:58.0640 3748 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\System32\Drivers\sptd.sys
17:19:59.0046 3748 sptd - ok
17:19:59.0453 3748 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:19:59.0484 3748 sr - ok
17:19:59.0906 3748 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll
17:19:59.0921 3748 srservice - ok
17:20:00.0406 3748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:20:00.0468 3748 Srv - ok
17:20:00.0890 3748 sscdserd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\LMouFilt.dll
17:20:01.0000 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\LMouFilt.dll. md5: 11028c6a84a967070cb1286550f2058f
17:20:01.0000 3748 sscdserd ( Backdoor.Multi.ZAccess.gen ) - infected
17:20:01.0000 3748 sscdserd - detected Backdoor.Multi.ZAccess.gen (0)
17:20:01.0609 3748 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
17:20:01.0625 3748 SSDPSRV - ok
17:20:02.0031 3748 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:20:02.0062 3748 ssmdrv - ok
17:20:02.0500 3748 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
17:20:02.0578 3748 stisvc - ok
17:20:02.0906 3748 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:20:02.0937 3748 streamip - ok
17:20:03.0140 3748 SureThing Labelflash service (2d5ec51b2416e470f591679a6c6462d6) C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
17:20:03.0250 3748 SureThing Labelflash service - ok
17:20:03.0625 3748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:20:03.0656 3748 swenum - ok
17:20:04.0000 3748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:20:04.0046 3748 swmidi - ok
17:20:04.0281 3748 SwPrv - ok
17:20:04.0531 3748 symc810 - ok
17:20:04.0781 3748 symc8xx - ok
17:20:05.0046 3748 sym_hi - ok
17:20:05.0296 3748 sym_u3 - ok
17:20:05.0656 3748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:20:05.0687 3748 sysaudio - ok
17:20:06.0000 3748 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
17:20:06.0062 3748 SysmonLog - ok
17:20:06.0421 3748 tap0901 (2e644070f2240cca9775a6b79cae62cd) C:\WINDOWS\system32\DRIVERS\tap0901.sys
17:20:06.0437 3748 tap0901 - ok
17:20:06.0796 3748 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
17:20:06.0812 3748 taphss - ok
17:20:07.0187 3748 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
17:20:07.0218 3748 TapiSrv - ok
17:20:07.0531 3748 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys
17:20:07.0546 3748 tapvpn - ok
17:20:07.0937 3748 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
17:20:07.0968 3748 tbhsd - ok
17:20:08.0453 3748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:20:08.0500 3748 Tcpip - ok
17:20:08.0859 3748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:20:08.0875 3748 TDPIPE - ok
17:20:09.0281 3748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:20:09.0296 3748 TDTCP - ok
17:20:09.0671 3748 Teefer (99336d4da97b4eeaafab46a4f8e512e6) C:\WINDOWS\system32\Drivers\Teefer.sys
17:20:09.0718 3748 Teefer - ok
17:20:10.0093 3748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:20:10.0109 3748 TermDD - ok
17:20:10.0515 3748 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
17:20:10.0546 3748 TermService - ok
17:20:10.0906 3748 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:20:10.0921 3748 Themes - ok
17:20:11.0343 3748 TosIde - ok
17:20:11.0656 3748 transcode360 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\yediex.dll
17:20:11.0671 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\yediex.dll. md5: 11028c6a84a967070cb1286550f2058f
17:20:11.0687 3748 transcode360 ( Backdoor.Multi.ZAccess.gen ) - infected
17:20:11.0687 3748 transcode360 - detected Backdoor.Multi.ZAccess.gen (0)
17:20:12.0046 3748 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
17:20:12.0046 3748 TrkWks - ok
17:20:12.0468 3748 tsdhd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ps2.dll
17:20:12.0468 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\ps2.dll. md5: 11028c6a84a967070cb1286550f2058f
17:20:12.0468 3748 tsdhd ( Backdoor.Multi.ZAccess.gen ) - infected
17:20:12.0468 3748 tsdhd - detected Backdoor.Multi.ZAccess.gen (0)
17:20:12.0859 3748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:20:12.0890 3748 Udfs - ok
17:20:13.0265 3748 ultra - ok
17:20:13.0375 3748 UnlockerDriver5 (28cd05b9e54a11f08e3968ccc8f45002) C:\Programme\Unlocker\UnlockerDriver5.sys
17:20:13.0390 3748 UnlockerDriver5 - ok
17:20:14.0015 3748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:20:14.0296 3748 Update - ok
17:20:14.0687 3748 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
17:20:14.0781 3748 upnphost - ok
17:20:15.0062 3748 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
17:20:15.0078 3748 UPS - ok
17:20:15.0453 3748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:20:15.0468 3748 usbccgp - ok
17:20:15.0828 3748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:20:15.0843 3748 usbehci - ok
17:20:16.0218 3748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:20:16.0250 3748 usbhub - ok
17:20:16.0625 3748 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:20:16.0625 3748 usbohci - ok
17:20:16.0968 3748 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:20:16.0984 3748 usbprint - ok
17:20:17.0390 3748 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:20:17.0406 3748 usbscan - ok
17:20:17.0781 3748 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:20:17.0796 3748 usbstor - ok
17:20:18.0203 3748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:20:18.0234 3748 usbuhci - ok
17:20:18.0656 3748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:20:18.0671 3748 VgaSave - ok
17:20:18.0984 3748 vhidmini (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\mgactrl.dll
17:20:19.0015 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\mgactrl.dll. md5: 11028c6a84a967070cb1286550f2058f
17:20:19.0015 3748 vhidmini ( Backdoor.Multi.ZAccess.gen ) - infected
17:20:19.0015 3748 vhidmini - detected Backdoor.Multi.ZAccess.gen (0)
17:20:19.0359 3748 ViaIde - ok
17:20:19.0703 3748 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:20:19.0718 3748 VolSnap - ok
17:20:20.0046 3748 vsdatant - ok
17:20:20.0453 3748 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
17:20:20.0656 3748 VSS - ok
17:20:21.0046 3748 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\System32\w32time.dll
17:20:21.0046 3748 W32Time - ok
17:20:21.0390 3748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:20:21.0421 3748 Wanarp - ok
17:20:21.0781 3748 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
17:20:21.0781 3748 WDC_SAM - ok
17:20:22.0109 3748 WDICA - ok
17:20:22.0437 3748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:20:22.0484 3748 wdmaud - ok
17:20:22.0796 3748 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
17:20:22.0812 3748 WebClient - ok
17:20:23.0187 3748 wg3n (a67340b874df9eaf5b226e5f3473b9da) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
17:20:23.0203 3748 wg3n - ok
17:20:23.0515 3748 wg4n (851216e2816b7b7e74b5f7ef1d4acfb7) C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys
17:20:23.0515 3748 wg4n - ok
17:20:23.0906 3748 wg5n (aedd1fe0df660411d15da3c57cfc2402) C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys
17:20:23.0906 3748 wg5n - ok
17:20:24.0250 3748 wg6n (dd0d719a58df79086462bd5fc972a908) C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys
17:20:24.0265 3748 wg6n - ok
17:20:24.0656 3748 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:20:24.0656 3748 winmgmt - ok
17:20:24.0968 3748 wltwo51b (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ups.dll
17:20:24.0984 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\ups.dll. md5: 11028c6a84a967070cb1286550f2058f
17:20:24.0984 3748 wltwo51b ( Backdoor.Multi.ZAccess.gen ) - infected
17:20:24.0984 3748 wltwo51b - detected Backdoor.Multi.ZAccess.gen (0)
17:20:25.0281 3748 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:20:25.0296 3748 WmdmPmSN - ok
17:20:25.0562 3748 WmdmPmSp - ok
17:20:25.0953 3748 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:20:25.0968 3748 WmiApSrv - ok
17:20:26.0453 3748 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
17:20:26.0906 3748 WMPNetworkSvc - ok
17:20:27.0531 3748 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:20:28.0062 3748 WPFFontCache_v0400 - ok
17:20:28.0437 3748 wpsdrvnt (93c145dceb13156322423efd62d4549a) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
17:20:28.0437 3748 wpsdrvnt - ok
17:20:28.0765 3748 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:20:28.0812 3748 WSTCODEC - ok
17:20:29.0125 3748 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
17:20:29.0125 3748 wuauserv - ok
17:20:29.0640 3748 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
17:20:29.0750 3748 WZCSVC - ok
17:20:29.0859 3748 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
17:20:29.0921 3748 x10nets - ok
17:20:30.0250 3748 X10UIF (2a35913cfe96e7b19097c9a1c3bc5182) C:\WINDOWS\system32\Drivers\x10uif.sys
17:20:30.0265 3748 X10UIF - ok
17:20:30.0656 3748 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
17:20:30.0718 3748 xmlprov - ok
17:20:31.0031 3748 zendcoreapache (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\M3AD.dll
17:20:31.0031 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\M3AD.dll. md5: 11028c6a84a967070cb1286550f2058f
17:20:31.0031 3748 zendcoreapache ( Backdoor.Multi.ZAccess.gen ) - infected
17:20:31.0031 3748 zendcoreapache - detected Backdoor.Multi.ZAccess.gen (0)
17:20:31.0375 3748 ZTEusbnmea (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\nic1394.dll
17:20:31.0390 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\nic1394.dll. md5: 11028c6a84a967070cb1286550f2058f
17:20:31.0390 3748 ZTEusbnmea ( Backdoor.Multi.ZAccess.gen ) - infected
17:20:31.0390 3748 ZTEusbnmea - detected Backdoor.Multi.ZAccess.gen (0)
17:20:31.0453 3748 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:20:32.0062 3748 \Device\Harddisk0\DR0 - ok
17:20:32.0093 3748 Boot (0x1200) (e065cc4c5dea8ac1bdf9320e5c07935f) \Device\Harddisk0\DR0\Partition0
17:20:32.0093 3748 \Device\Harddisk0\DR0\Partition0 - ok
17:20:32.0125 3748 Boot (0x1200) (a0c99981aa05de166a97b550f1576ae8) \Device\Harddisk0\DR0\Partition1
17:20:32.0125 3748 \Device\Harddisk0\DR0\Partition1 - ok
17:20:32.0140 3748 ============================================================
17:20:32.0140 3748 Scan finished
17:20:32.0140 3748 ============================================================
17:20:32.0156 0888 Detected object count: 44
17:20:32.0156 0888 Actual detected object count: 44
17:25:20.0453 0888 amfilter ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0453 0888 amfilter ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0453 0888 aracpi ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0453 0888 aracpi ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0453 0888 ASNDIS5 ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0453 0888 ASNDIS5 ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0453 0888 atimtag ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0453 0888 atimtag ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0453 0888 ATMsg ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0453 0888 ATMsg ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0453 0888 automate6 ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0453 0888 automate6 ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0468 0888 AVerBDA ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0468 0888 AVerBDA ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0468 0888 BsHelpCS ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0468 0888 BsHelpCS ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0468 0888 btwavdt ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0468 0888 btwavdt ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0468 0888 Cardex ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0468 0888 Cardex ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0468 0888 cbidf ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0468 0888 cbidf ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0468 0888 cdr4_2k ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0468 0888 cdr4_2k ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0484 0888 ctaud2k ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0484 0888 ctaud2k ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0484 0888 CTEDSPIO.DLL ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0484 0888 CTEDSPIO.DLL ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0484 0888 dladresm ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0484 0888 dladresm ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0484 0888 downloadmanagerlite ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0484 0888 downloadmanagerlite ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0484 0888 elnkupdateservice ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0484 0888 elnkupdateservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0484 0888 EpmShd ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0484 0888 EpmShd ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0484 0888 filechecker ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0500 0888 filechecker ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0500 0888 fsbwsys ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0500 0888 fsbwsys ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0500 0888 FVXSCSI ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0500 0888 FVXSCSI ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0500 0888 iAimTV6 ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0500 0888 iAimTV6 ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0500 0888 idechndr ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:20.0500 0888 idechndr ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:20.0906 0888 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
17:25:21.0125 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\@ - copied to quarantine
17:25:21.0125 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\cfg.ini - copied to quarantine
17:25:21.0140 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\Desktop.ini - copied to quarantine
17:25:21.0203 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\L\gmlbqmwa - copied to quarantine
17:25:21.0203 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\oemid - copied to quarantine
17:25:21.0234 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\00000001.@ - copied to quarantine
17:25:21.0328 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\00000002.@ - copied to quarantine
17:25:21.0359 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\00000004.@ - copied to quarantine
17:25:21.0406 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\80000000.@ - copied to quarantine
17:25:21.0437 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\80000004.@ - copied to quarantine
17:25:21.0453 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\80000032.@ - copied to quarantine
17:25:21.0453 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\version - copied to quarantine
17:25:27.0203 0888 Backup copy found, using it..
17:25:27.0312 0888 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
17:25:58.0937 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\@ - will be deleted on reboot
17:25:58.0937 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\cfg.ini - will be deleted on reboot
17:25:58.0937 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\Desktop.ini - will be deleted on reboot
17:25:58.0953 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\oemid - will be deleted on reboot
17:25:58.0953 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\00000001.@ - will be deleted on reboot
17:25:58.0953 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\00000002.@ - will be deleted on reboot
17:25:58.0953 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\00000004.@ - will be deleted on reboot
17:25:58.0953 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\80000000.@ - will be deleted on reboot
17:25:58.0953 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\80000004.@ - will be deleted on reboot
17:25:58.0953 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\80000032.@ - will be deleted on reboot
17:25:58.0953 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\version - will be deleted on reboot
17:25:58.0953 0888 C:\WINDOWS\$NtUninstallKB10817$\3243456837 - will be deleted on reboot
17:25:58.0953 0888 IPSec ( Virus.Win32.ZAccess.c ) - User select action: Cure
17:25:58.0953 0888 LCcfltr ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:58.0953 0888 LCcfltr ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:58.0953 0888 MXOPSWD ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:58.0953 0888 MXOPSWD ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:58.0968 0888 O2SCBUS ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:58.0968 0888 O2SCBUS ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:58.0968 0888 pdlnacom ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:58.0968 0888 pdlnacom ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:58.0968 0888 qbreminderflash ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:58.0968 0888 qbreminderflash ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:58.0968 0888 QWAVE ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:58.0968 0888 QWAVE ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:58.0968 0888 RalinkRegistryWriter ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:58.0968 0888 RalinkRegistryWriter ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:58.0984 0888 regspy ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:58.0984 0888 regspy ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:58.0984 0888 retrolauncher ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:58.0984 0888 retrolauncher ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:58.0984 0888 rimsptsk ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:58.0984 0888 rimsptsk ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:58.0984 0888 rxmssync ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:58.0984 0888 rxmssync ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:58.0984 0888 slee_81_service ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:58.0984 0888 slee_81_service ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:59.0000 0888 spcsutilityservice ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:59.0000 0888 spcsutilityservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:59.0000 0888 sscdserd ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:59.0000 0888 sscdserd ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:59.0000 0888 transcode360 ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:59.0000 0888 transcode360 ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:59.0000 0888 tsdhd ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:59.0000 0888 tsdhd ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:59.0000 0888 vhidmini ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:59.0000 0888 vhidmini ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:59.0015 0888 wltwo51b ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:59.0015 0888 wltwo51b ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:59.0015 0888 zendcoreapache ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:59.0015 0888 zendcoreapache ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:25:59.0015 0888 ZTEusbnmea ( Backdoor.Multi.ZAccess.gen ) - skipped by user
17:25:59.0015 0888 ZTEusbnmea ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
17:26:22.0078 1300 Deinitialize success

Edited by virustroubles, 26 March 2012 - 10:40 AM.

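The log above shows the pattern worth recognising in a TDSSKiller scan of a ZeroAccess-style infection: dozens of unrelated service names (QWAVE, regspy, rimsptsk, tsdhd, ...) each resolve to a differently named DLL in system32, yet every one of those DLLs carries the same MD5 and is reported as "Suspicious file (NoAccess)", i.e. locked against reading. One binary registered under many names is anomalous on its own, regardless of what the AV signature says. The script below is an added example, not code from this thread or from TDSSKiller: it parses the log format shown in the post (the regexes assume that exact "HH:MM:SS.mmmm PID ..." layout), groups service images by hash, flags any hash that appears under several different paths, and lists the quarantine/cleanup actions TDSSKiller recorded. The sample log is an excerpt of the lines posted above; the clustering heuristic and the threshold of two distinct paths are my own choices.

```python
"""Triage a TDSSKiller service-scan log for ZeroAccess-style service hijacks.

Added example, not code from the thread or from TDSSKiller.  The regexes
assume the log layout shown in the post ("HH:MM:SS.mmmm PID ...").
"""
import re
from collections import defaultdict

TS = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"  # e.g. "17:19:37.0640 3748 "
# "QWAVE (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SQTECH905C.dll"
IMAGE_RE = re.compile(TS + r"(?P<service>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
# "QWAVE ( Backdoor.Multi.ZAccess.gen ) - infected"
VERDICT_RE = re.compile(TS + r"(?P<service>.+?)\s+\(\s*(?P<name>\S+)\s*\)\s+-\s+infected\s*$")
OK_RE = re.compile(TS + r"(?P<service>.+?)\s+-\s+ok\s*$")
# "Suspicious file (NoAccess): C:\WINDOWS\system32\SQTECH905C.dll. md5: 11028c..."
LOCKED_RE = re.compile(TS + r"Suspicious file \(NoAccess\):\s+(?P<path>.+?)\.\s+md5:\s+[0-9a-f]{32}")
# "C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine"
ACTION_RE = re.compile(TS + r"(?P<path>[A-Za-z]:\\.+?)\s+-\s+"
                       r"(?P<action>copied to quarantine|will be (?:cured|deleted) on reboot)\s*$")


def parse_log(text):
    """Return (images, verdicts, locked, actions) extracted from the log text."""
    images, verdicts, locked, actions = {}, {}, set(), []
    for line in text.splitlines():
        if m := IMAGE_RE.match(line):
            images[m["service"]] = (m["md5"], m["path"])
        elif m := VERDICT_RE.match(line):
            verdicts[m["service"]] = m["name"]
        elif m := OK_RE.match(line):
            verdicts.setdefault(m["service"], "ok")   # never override an "infected" verdict
        elif m := LOCKED_RE.match(line):
            locked.add(m["path"].lower())
        elif m := ACTION_RE.match(line):
            actions.append((m["path"], m["action"]))
    return images, verdicts, locked, actions


def shared_hash_clusters(images, min_paths=2):
    """md5 -> (sorted paths, sorted services) for hashes seen under several
    *different* paths.  Two services hosted by one file (Themes and
    ShellHWDetection both in shsvcs.dll) is normal and is not flagged."""
    paths, services = defaultdict(set), defaultdict(set)
    for service, (md5, path) in images.items():
        paths[md5].add(path.lower())
        services[md5].add(service)
    return {md5: (sorted(paths[md5]), sorted(services[md5]))
            for md5 in paths if len(paths[md5]) >= min_paths}


def triage(text, min_paths=2):
    """Build a report: flagged hash clusters plus the cleanup actions logged."""
    images, verdicts, locked, actions = parse_log(text)
    clusters = []
    for md5, (paths, services) in shared_hash_clusters(images, min_paths).items():
        clusters.append({
            "md5": md5,
            "paths": paths,
            "services": services,
            "locked": [p for p in paths if p in locked],          # unreadable = likely hooked
            "verdicts": sorted({verdicts.get(s, "unknown") for s in services}),
        })
    return {"clusters": clusters, "actions": actions}


# Constructed sample: an excerpt of the log lines posted in this thread.
SAMPLE_LOG = r"""
17:19:37.0640 3748 QWAVE (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SQTECH905C.dll
17:19:37.0671 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\SQTECH905C.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:37.0671 3748 QWAVE ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:37.0671 3748 QWAVE - detected Backdoor.Multi.ZAccess.gen (0)
17:19:37.0968 3748 RalinkRegistryWriter (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\compbatt.dll
17:19:37.0984 3748 Suspicious file (NoAccess): C:\WINDOWS\system32\compbatt.dll. md5: 11028c6a84a967070cb1286550f2058f
17:19:37.0984 3748 RalinkRegistryWriter ( Backdoor.Multi.ZAccess.gen ) - infected
17:19:38.0562 3748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:19:38.0562 3748 RasAcd - ok
17:19:52.0187 3748 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:19:52.0203 3748 ShellHWDetection - ok
17:20:03.0140 3748 SureThing Labelflash service (2d5ec51b2416e470f591679a6c6462d6) C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
17:20:03.0250 3748 SureThing Labelflash service - ok
17:20:10.0906 3748 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:20:10.0921 3748 Themes - ok
17:25:20.0906 0888 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
17:25:21.0125 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\@ - copied to quarantine
17:25:27.0312 0888 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
17:25:58.0937 0888 C:\WINDOWS\$NtUninstallKB10817$\1826113177\@ - will be deleted on reboot
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for c in result["clusters"]:
        print(f"md5 {c['md5']}: {len(c['paths'])} paths under "
              f"{len(c['services'])} services, verdicts {c['verdicts']}")
        for p in c["paths"]:
            print("   ", p, "(locked)" if p in c["locked"] else "")
    for path, action in result["actions"]:
        print(f"{action:<26} {path}")
```

Run it against a full TDSSKiller log (`triage(open("TDSSKiller.log").read())`) and the cluster report gives you the complete set of hijacked service entries in one place, which is handy for checking that a follow-up scan after the reboot no longer shows the hash. The "locked" list is the more reliable signal than the verdict: a file in system32 that the scanner cannot even read is not a false positive to be skipped.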

#12 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 26 March 2012 - 06:30 PM

Quarantine anything that can't be cured. Rerun the TDSSKiller program and post the new log. Let me know if there are any problems.
m0le is a proud member of UNITE

#13 virustroubles
  • Topic Starter
  • Members
  • 45 posts

Posted 26 March 2012 - 07:56 PM

Quarantined everything that could not be cured. Here's the new log:

02:06:52.0734 4092 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
02:06:54.0812 4092 ============================================================
02:06:54.0812 4092 Current date / time: 2012/03/27 02:06:54.0812
02:06:54.0812 4092 SystemInfo:
02:06:54.0812 4092
02:06:54.0812 4092 OS Version: 5.1.2600 ServicePack: 3.0
02:06:54.0812 4092 Product type: Workstation
02:06:54.0812 4092 ComputerName: X
02:06:54.0812 4092 UserName: XXX
02:06:54.0812 4092 Windows directory: C:\WINDOWS
02:06:54.0812 4092 System windows directory: C:\WINDOWS
02:06:54.0812 4092 Processor architecture: Intel x86
02:06:54.0812 4092 Number of processors: 1
02:06:54.0812 4092 Page size: 0x1000
02:06:54.0812 4092 Boot type: Normal boot
02:06:54.0812 4092 ============================================================
02:06:58.0375 4092 Drive \Device\Harddisk0\DR0 - Size: 0x2542880200 (149.04 Gb), SectorSize: 0x200, Cylinders: 0x4BFF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:06:58.0375 4092 \Device\Harddisk0\DR0:
02:06:58.0375 4092 MBR used
02:06:58.0375 4092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E22CAD
02:06:58.0390 4092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4E22D2B, BlocksNum 0xDBEE014
02:06:58.0609 4092 Initialize success
02:06:58.0609 4092 ============================================================
02:07:08.0640 3452 ============================================================
02:07:08.0640 3452 Scan started
02:07:08.0640 3452 Mode: Manual;
02:07:08.0656 3452 ============================================================
02:07:09.0187 3452 Abiosdsk - ok
02:07:09.0546 3452 abp480n5 - ok
02:07:09.0890 3452 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:07:09.0890 3452 ACPI - ok
02:07:10.0187 3452 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:07:10.0203 3452 ACPIEC - ok
02:07:10.0453 3452 adpu160m - ok
02:07:10.0937 3452 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
02:07:11.0062 3452 aec - ok
02:07:11.0421 3452 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
02:07:11.0484 3452 AFD - ok
02:07:11.0906 3452 Aha154x - ok
02:07:12.0171 3452 aic78u2 - ok
02:07:12.0406 3452 aic78xx - ok
02:07:14.0328 3452 ALCXWDM (17eb1ca007f0e3c6a1cbb205ab93e193) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
02:07:16.0093 3452 ALCXWDM - ok
02:07:16.0359 3452 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
02:07:16.0375 3452 Alerter - ok
02:07:16.0656 3452 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
02:07:16.0656 3452 ALG - ok
02:07:17.0078 3452 AliIde - ok
02:07:17.0328 3452 amfilter (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\navapsvc.dll
02:07:17.0734 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\navapsvc.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:17.0734 3452 amfilter ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:17.0734 3452 amfilter - detected Backdoor.Multi.ZAccess.gen (0)
02:07:18.0156 3452 amsint - ok
02:07:18.0453 3452 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
02:07:18.0453 3452 AntiVirSchedulerService - ok
02:07:18.0703 3452 AntiVirService (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
02:07:18.0703 3452 AntiVirService - ok
02:07:19.0031 3452 AnyDVD (4b55e7593d9c9acf5e2511f840edcf98) C:\WINDOWS\system32\Drivers\AnyDVD.sys
02:07:19.0046 3452 AnyDVD - ok
02:07:19.0437 3452 AppMgmt - ok
02:07:19.0703 3452 aracpi (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\viaide.dll
02:07:19.0765 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\viaide.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:19.0765 3452 aracpi ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:19.0765 3452 aracpi - detected Backdoor.Multi.ZAccess.gen (0)
02:07:20.0406 3452 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
02:07:20.0453 3452 Arp1394 - ok
02:07:20.0750 3452 asc - ok
02:07:21.0000 3452 asc3350p - ok
02:07:21.0468 3452 asc3550 - ok
02:07:21.0750 3452 ASNDIS5 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\tfsndres.dll
02:07:21.0750 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\tfsndres.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:21.0765 3452 ASNDIS5 ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:21.0765 3452 ASNDIS5 - detected Backdoor.Multi.ZAccess.gen (0)
02:07:22.0046 3452 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:07:22.0234 3452 aspnet_state - ok
02:07:22.0781 3452 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:07:22.0781 3452 AsyncMac - ok
02:07:23.0328 3452 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:07:23.0328 3452 atapi - ok
02:07:23.0640 3452 Atdisk - ok
02:07:23.0906 3452 atimtag (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\revudfservice.dll
02:07:24.0000 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\revudfservice.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:24.0000 3452 atimtag ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:24.0000 3452 atimtag - detected Backdoor.Multi.ZAccess.gen (0)
02:07:24.0406 3452 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:07:24.0546 3452 Atmarpc - ok
02:07:24.0828 3452 ATMsg (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\Sunkfiltp.dll
02:07:24.0843 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\Sunkfiltp.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:24.0843 3452 ATMsg ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:24.0843 3452 ATMsg - detected Backdoor.Multi.ZAccess.gen (0)
02:07:25.0187 3452 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
02:07:25.0187 3452 AudioSrv - ok
02:07:25.0656 3452 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:07:25.0656 3452 audstub - ok
02:07:25.0921 3452 automate6 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\Mtlstrm.dll
02:07:25.0937 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\Mtlstrm.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:25.0937 3452 automate6 ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:25.0937 3452 automate6 - detected Backdoor.Multi.ZAccess.gen (0)
02:07:26.0234 3452 AVerBDA (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\umpusbxp.dll
02:07:26.0281 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\umpusbxp.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:26.0281 3452 AVerBDA ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:26.0281 3452 AVerBDA - detected Backdoor.Multi.ZAccess.gen (0)
02:07:26.0468 3452 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
02:07:26.0484 3452 avgio - ok
02:07:26.0781 3452 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
02:07:26.0796 3452 avgntflt - ok
02:07:27.0156 3452 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
02:07:27.0171 3452 avipbb - ok
02:07:27.0468 3452 Bcim - ok
02:07:27.0828 3452 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:07:27.0843 3452 Beep - ok
02:07:28.0265 3452 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\System32\qmgr.dll
02:07:28.0343 3452 BITS - ok
02:07:28.0640 3452 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
02:07:28.0640 3452 Browser - ok
02:07:28.0937 3452 BsHelpCS (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\btwmodem.dll
02:07:28.0953 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\btwmodem.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:28.0953 3452 BsHelpCS ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:28.0953 3452 BsHelpCS - detected Backdoor.Multi.ZAccess.gen (0)
02:07:29.0312 3452 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
02:07:29.0328 3452 BthEnum - ok
02:07:29.0640 3452 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
02:07:29.0671 3452 BTHMODEM - ok
02:07:30.0000 3452 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
02:07:30.0140 3452 BthPan - ok
02:07:30.0578 3452 BTHPORT (592e1cedbe314d0ef184dc6f46141e76) C:\WINDOWS\system32\Drivers\BTHport.sys
02:07:30.0703 3452 BTHPORT - ok
02:07:30.0968 3452 BthServ (26c601ef7525e31379744abfc6f35a1b) C:\WINDOWS\System32\bthserv.dll
02:07:30.0968 3452 BthServ - ok
02:07:31.0312 3452 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
02:07:31.0343 3452 BTHUSB - ok
02:07:31.0609 3452 btwavdt (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\VRADFIL.dll
02:07:31.0687 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\VRADFIL.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:31.0687 3452 btwavdt ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:31.0687 3452 btwavdt - detected Backdoor.Multi.ZAccess.gen (0)
02:07:32.0093 3452 Cap7134 (fdfe848c821f0666c4507a11717146c2) C:\WINDOWS\system32\DRIVERS\Cap7134.sys
02:07:32.0265 3452 Cap7134 - ok
02:07:32.0531 3452 Cardex (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\oraclexeclragent.dll
02:07:32.0546 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\oraclexeclragent.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:32.0546 3452 Cardex ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:32.0546 3452 Cardex - detected Backdoor.Multi.ZAccess.gen (0)
02:07:32.0812 3452 cbidf (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\lxcg_device.dll
02:07:32.0828 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\lxcg_device.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:32.0828 3452 cbidf ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:32.0828 3452 cbidf - detected Backdoor.Multi.ZAccess.gen (0)
02:07:33.0140 3452 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:07:33.0171 3452 cbidf2k - ok
02:07:33.0500 3452 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:07:33.0515 3452 CCDECODE - ok
02:07:33.0781 3452 cd20xrnt - ok
02:07:34.0062 3452 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:07:34.0078 3452 Cdaudio - ok
02:07:34.0390 3452 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
02:07:34.0421 3452 Cdfs - ok
02:07:34.0687 3452 cdr4_2k (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\advantage.dll
02:07:34.0687 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\advantage.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:34.0687 3452 cdr4_2k ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:34.0687 3452 cdr4_2k - detected Backdoor.Multi.ZAccess.gen (0)
02:07:35.0015 3452 Cdrom (8af0d1c66d44833cf804b9ee9214b99e) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:07:35.0015 3452 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 8af0d1c66d44833cf804b9ee9214b99e, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
02:07:35.0031 3452 Cdrom ( Virus.Win32.ZAccess.c ) - infected
02:07:35.0031 3452 Cdrom - detected Virus.Win32.ZAccess.c (0)
02:07:35.0296 3452 Changer - ok
02:07:35.0562 3452 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
02:07:35.0609 3452 CiSvc - ok
02:07:35.0953 3452 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
02:07:36.0062 3452 ClipSrv - ok
02:07:36.0265 3452 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:07:36.0593 3452 clr_optimization_v2.0.50727_32 - ok
02:07:36.0890 3452 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:07:36.0953 3452 clr_optimization_v4.0.30319_32 - ok
02:07:37.0218 3452 CmdIde - ok
02:07:37.0421 3452 COMSysApp - ok
02:07:37.0687 3452 Cpqarray - ok
02:07:37.0953 3452 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
02:07:37.0953 3452 CryptSvc - ok
02:07:38.0218 3452 ctaud2k (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\usr11g.dll
02:07:38.0265 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\usr11g.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:38.0265 3452 ctaud2k ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:38.0265 3452 ctaud2k - detected Backdoor.Multi.ZAccess.gen (0)
02:07:38.0515 3452 CTEDSPIO.DLL (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\coste.dll
02:07:38.0515 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\coste.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:38.0515 3452 CTEDSPIO.DLL ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:38.0515 3452 CTEDSPIO.DLL - detected Backdoor.Multi.ZAccess.gen (0)
02:07:38.0765 3452 dac2w2k - ok
02:07:39.0062 3452 dac960nt - ok
02:07:39.0453 3452 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
02:07:39.0453 3452 DcomLaunch - ok
02:07:39.0781 3452 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
02:07:39.0781 3452 Dhcp - ok
02:07:40.0125 3452 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
02:07:40.0140 3452 Disk - ok
02:07:40.0437 3452 dladresm (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\vc5secs.dll
02:07:40.0453 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\vc5secs.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:40.0453 3452 dladresm ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:40.0453 3452 dladresm - detected Backdoor.Multi.ZAccess.gen (0)
02:07:40.0687 3452 dmadmin - ok
02:07:41.0343 3452 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
02:07:41.0734 3452 dmboot - ok
02:07:42.0171 3452 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
02:07:42.0234 3452 dmio - ok
02:07:42.0515 3452 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:07:42.0531 3452 dmload - ok
02:07:42.0796 3452 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
02:07:42.0812 3452 dmserver - ok
02:07:43.0140 3452 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
02:07:43.0234 3452 DMusic - ok
02:07:43.0546 3452 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
02:07:43.0546 3452 Dnscache - ok
02:07:43.0875 3452 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
02:07:43.0953 3452 Dot3svc - ok
02:07:44.0203 3452 downloadmanagerlite (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cdr4_xp.dll
02:07:44.0218 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\cdr4_xp.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:44.0218 3452 downloadmanagerlite ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:44.0218 3452 downloadmanagerlite - detected Backdoor.Multi.ZAccess.gen (0)
02:07:44.0468 3452 dpti2o - ok
02:07:44.0750 3452 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
02:07:44.0750 3452 drmkaud - ok
02:07:45.0328 3452 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
02:07:45.0421 3452 dtscsi - ok
02:07:45.0734 3452 dvdfab (ed641965e808496610f065559e564289) C:\WINDOWS\system32\drivers\dvdfab.sys
02:07:45.0750 3452 dvdfab - ok
02:07:46.0031 3452 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
02:07:46.0109 3452 EapHost - ok
02:07:46.0437 3452 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
02:07:46.0453 3452 ElbyCDIO - ok
02:07:46.0734 3452 elnkupdateservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\sit_flt.dll
02:07:46.0734 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\sit_flt.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:46.0734 3452 elnkupdateservice ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:46.0734 3452 elnkupdateservice - detected Backdoor.Multi.ZAccess.gen (0)
02:07:47.0000 3452 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys
02:07:47.0015 3452 epmntdrv - ok
02:07:47.0281 3452 EpmShd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\astcc.dll
02:07:47.0281 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\astcc.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:47.0281 3452 EpmShd ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:47.0281 3452 EpmShd - detected Backdoor.Multi.ZAccess.gen (0)
02:07:47.0562 3452 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
02:07:47.0562 3452 ERSvc - ok
02:07:47.0828 3452 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\WINDOWS\system32\EuGdiDrv.sys
02:07:47.0828 3452 EuGdiDrv - ok
02:07:48.0140 3452 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
02:07:48.0140 3452 Eventlog - ok
02:07:48.0515 3452 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
02:07:48.0531 3452 EventSystem - ok
02:07:48.0875 3452 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
02:07:49.0031 3452 Fastfat - ok
02:07:49.0515 3452 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
02:07:49.0515 3452 FastUserSwitchingCompatibility - ok
02:07:49.0875 3452 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
02:07:49.0890 3452 Fdc - ok
02:07:50.0140 3452 filechecker (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\VirtualCam.dll
02:07:50.0156 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\VirtualCam.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:50.0156 3452 filechecker ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:50.0156 3452 filechecker - detected Backdoor.Multi.ZAccess.gen (0)
02:07:50.0468 3452 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
02:07:50.0484 3452 Fips - ok
02:07:50.0781 3452 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
02:07:50.0812 3452 Flpydisk - ok
02:07:51.0265 3452 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
02:07:51.0328 3452 FltMgr - ok
02:07:51.0484 3452 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:07:51.0562 3452 FontCache3.0.0.0 - ok
02:07:51.0843 3452 fsbwsys (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\gearsecurity.dll
02:07:51.0906 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\gearsecurity.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:51.0906 3452 fsbwsys ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:51.0906 3452 fsbwsys - detected Backdoor.Multi.ZAccess.gen (0)
02:07:52.0250 3452 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:07:52.0265 3452 Fs_Rec - ok
02:07:52.0578 3452 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:07:52.0640 3452 Ftdisk - ok
02:07:52.0890 3452 FVXSCSI (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ATWPKT2.dll
02:07:52.0890 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\ATWPKT2.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:52.0890 3452 FVXSCSI ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:52.0890 3452 FVXSCSI - detected Backdoor.Multi.ZAccess.gen (0)
02:07:53.0250 3452 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
02:07:53.0281 3452 gagp30kx - ok
02:07:53.0578 3452 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
02:07:53.0593 3452 gameenum - ok
02:07:53.0890 3452 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
02:07:53.0906 3452 GEARAspiWDM - ok
02:07:54.0343 3452 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:07:54.0359 3452 Gpc - ok
02:07:54.0625 3452 GTSCSER - ok
02:07:54.0812 3452 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:07:54.0828 3452 helpsvc - ok
02:07:55.0140 3452 HidBth (a5aecf10be62459533a06ed7ebf5770b) C:\WINDOWS\system32\DRIVERS\hidbth.sys
02:07:55.0156 3452 HidBth - ok
02:07:55.0406 3452 HidServ - ok
02:07:55.0687 3452 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:07:55.0703 3452 hidusb - ok
02:07:56.0031 3452 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
02:07:56.0109 3452 hkmsvc - ok
02:07:56.0421 3452 hpn - ok
02:07:56.0828 3452 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
02:07:56.0859 3452 HTTP - ok
02:07:57.0187 3452 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
02:07:57.0203 3452 HTTPFilter - ok
02:07:57.0468 3452 i2omgmt - ok
02:07:57.0718 3452 i2omp - ok
02:07:58.0031 3452 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:07:58.0078 3452 i8042prt - ok
02:07:58.0421 3452 iAimTV6 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\inetaccs.dll
02:07:58.0421 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\inetaccs.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:58.0421 3452 iAimTV6 ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:58.0421 3452 iAimTV6 - detected Backdoor.Multi.ZAccess.gen (0)
02:07:58.0718 3452 idechndr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\HECI.dll
02:07:58.0718 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\HECI.dll. md5: 11028c6a84a967070cb1286550f2058f
02:07:58.0718 3452 idechndr ( Backdoor.Multi.ZAccess.gen ) - infected
02:07:58.0718 3452 idechndr - detected Backdoor.Multi.ZAccess.gen (0)
02:07:59.0375 3452 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:07:59.0921 3452 idsvc - ok
02:08:00.0281 3452 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:08:00.0296 3452 Imapi - ok
02:08:00.0609 3452 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\System32\imapi.exe
02:08:00.0687 3452 ImapiService - ok
02:08:00.0968 3452 imvad_multi (e2a0918f66c96e66efbf2feaa41ecb9b) C:\WINDOWS\system32\drivers\imvad.sys
02:08:00.0984 3452 imvad_multi - ok
02:08:01.0265 3452 ini910u - ok
02:08:01.0500 3452 IntelIde - ok
02:08:01.0812 3452 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:08:01.0859 3452 intelppm - ok
02:08:02.0468 3452 Intels51 (cb5c2935491f0f998f1b62bffa258464) C:\WINDOWS\system32\DRIVERS\ctxs51.sys
02:08:02.0796 3452 Intels51 - ok
02:08:03.0125 3452 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
02:08:03.0156 3452 Ip6Fw - ok
02:08:03.0468 3452 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:08:03.0500 3452 IpFilterDriver - ok
02:08:03.0781 3452 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:08:03.0796 3452 IpInIp - ok
02:08:04.0156 3452 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:08:04.0156 3452 IpNat - ok
02:08:04.0453 3452 iPod Service (f055c1760abfa52b159985e551ea0edc) C:\Programme\iPod\bin\iPodService.exe
02:08:04.0750 3452 iPod Service - ok
02:08:05.0062 3452 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:08:05.0109 3452 IPSec - ok
02:08:05.0390 3452 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:08:05.0406 3452 IRENUM - ok
02:08:05.0703 3452 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:08:05.0734 3452 isapnp - ok
02:08:05.0921 3452 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
02:08:05.0921 3452 JavaQuickStarterService - ok
02:08:06.0234 3452 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:08:06.0250 3452 Kbdclass - ok
02:08:06.0546 3452 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:08:06.0546 3452 kbdhid - ok
02:08:06.0906 3452 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
02:08:07.0000 3452 kmixer - ok
02:08:07.0328 3452 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
02:08:07.0375 3452 KSecDD - ok
02:08:07.0671 3452 LanmanServer (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
02:08:07.0687 3452 LanmanServer - ok
02:08:08.0140 3452 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
02:08:08.0187 3452 lanmanworkstation - ok
02:08:08.0453 3452 lbrtfdc - ok
02:08:08.0687 3452 LCcfltr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\MTDVC2_ENUM.dll
02:08:08.0703 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\MTDVC2_ENUM.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:08.0703 3452 LCcfltr ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:08.0703 3452 LCcfltr - detected Backdoor.Multi.ZAccess.gen (0)
02:08:08.0968 3452 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
02:08:08.0968 3452 LmHosts - ok
02:08:09.0312 3452 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
02:08:09.0328 3452 Messenger - ok
02:08:09.0625 3452 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:08:09.0625 3452 mnmdd - ok
02:08:09.0921 3452 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
02:08:09.0937 3452 mnmsrvc - ok
02:08:10.0515 3452 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
02:08:10.0562 3452 Modem - ok
02:08:10.0921 3452 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:08:10.0937 3452 Mouclass - ok
02:08:11.0296 3452 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:08:11.0312 3452 mouhid - ok
02:08:11.0656 3452 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
02:08:11.0687 3452 MountMgr - ok
02:08:11.0937 3452 mraid35x - ok
02:08:12.0281 3452 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:08:12.0359 3452 MRxDAV - ok
02:08:12.0828 3452 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:08:13.0171 3452 MRxSmb - ok
02:08:13.0468 3452 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
02:08:13.0468 3452 MSDTC - ok
02:08:13.0765 3452 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
02:08:13.0781 3452 Msfs - ok
02:08:14.0015 3452 MSIServer - ok
02:08:14.0140 3452 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Programme\MSI - Live Update 5\msibios32_100507.sys
02:08:14.0156 3452 MSI_MSIBIOS_010507 - ok
02:08:14.0468 3452 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:08:14.0468 3452 MSKSSRV - ok
02:08:14.0765 3452 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:08:14.0765 3452 MSPCLOCK - ok
02:08:15.0093 3452 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
02:08:15.0093 3452 MSPQM - ok
02:08:15.0390 3452 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:08:15.0390 3452 mssmbios - ok
02:08:15.0718 3452 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
02:08:15.0734 3452 MSTEE - ok
02:08:16.0031 3452 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
02:08:16.0031 3452 ms_mpu401 - ok
02:08:16.0359 3452 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
02:08:16.0406 3452 Mup - ok
02:08:16.0656 3452 MXOPSWD (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SRS_SSCFilter.dll
02:08:16.0656 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\SRS_SSCFilter.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:16.0671 3452 MXOPSWD ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:16.0671 3452 MXOPSWD - detected Backdoor.Multi.ZAccess.gen (0)
02:08:16.0984 3452 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:08:17.0031 3452 NABTSFEC - ok
02:08:17.0421 3452 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
02:08:17.0625 3452 napagent - ok
02:08:18.0000 3452 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
02:08:18.0281 3452 NDIS - ok
02:08:18.0593 3452 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:08:18.0609 3452 NdisIP - ok
02:08:18.0890 3452 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:08:18.0890 3452 NdisTapi - ok
02:08:19.0203 3452 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:08:19.0250 3452 Ndisuio - ok
02:08:19.0578 3452 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:08:19.0625 3452 NdisWan - ok
02:08:19.0921 3452 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
02:08:19.0937 3452 NDProxy - ok
02:08:20.0265 3452 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:08:20.0281 3452 NetBIOS - ok
02:08:20.0625 3452 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:08:20.0703 3452 NetBT - ok
02:08:21.0000 3452 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
02:08:21.0046 3452 NetDDE - ok
02:08:21.0109 3452 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
02:08:21.0109 3452 NetDDEdsdm - ok
02:08:21.0406 3452 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
02:08:21.0406 3452 Netlogon - ok
02:08:21.0734 3452 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
02:08:21.0750 3452 Netman - ok
02:08:21.0984 3452 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:08:22.0046 3452 NetTcpPortSharing - ok
02:08:22.0406 3452 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
02:08:22.0406 3452 NIC1394 - ok
02:08:22.0750 3452 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
02:08:22.0765 3452 Nla - ok
02:08:23.0062 3452 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
02:08:23.0078 3452 Npfs - ok
02:08:23.0593 3452 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
02:08:23.0843 3452 Ntfs - ok
02:08:23.0937 3452 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Programme\MSI - Live Update 5\NTIOLib.sys
02:08:23.0953 3452 NTIOLib_1_0_4 - ok
02:08:24.0218 3452 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
02:08:24.0218 3452 NtLmSsp - ok
02:08:24.0640 3452 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
02:08:24.0890 3452 NtmsSvc - ok
02:08:25.0171 3452 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:08:25.0171 3452 Null - ok
02:08:29.0609 3452 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:08:33.0562 3452 nv - ok
02:08:33.0890 3452 nvsvc (a2322c6207ebb0761a6c8cc9003ebacf) C:\WINDOWS\System32\nvsvc32.exe
02:08:33.0906 3452 nvsvc - ok
02:08:34.0171 3452 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:08:34.0187 3452 NwlnkFlt - ok
02:08:34.0484 3452 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:08:34.0515 3452 NwlnkFwd - ok
02:08:34.0765 3452 O2SCBUS (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\Stltrk2k.dll
02:08:34.0781 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\Stltrk2k.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:34.0781 3452 O2SCBUS ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:34.0781 3452 O2SCBUS - detected Backdoor.Multi.ZAccess.gen (0)
02:08:35.0078 3452 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
02:08:35.0078 3452 ohci1394 - ok
02:08:35.0437 3452 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
02:08:35.0515 3452 Parport - ok
02:08:35.0812 3452 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
02:08:35.0859 3452 PartMgr - ok
02:08:36.0140 3452 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
02:08:36.0156 3452 ParVdm - ok
02:08:36.0265 3452 pbfilter (f678cd9e3afcc9264a514b941a85a9d4) C:\Programme\PeerBlock\pbfilter.sys
02:08:36.0281 3452 pbfilter - ok
02:08:36.0609 3452 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
02:08:36.0640 3452 PCI - ok
02:08:36.0906 3452 PCIDump - ok
02:08:37.0171 3452 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\drivers\PCIIde.sys
02:08:37.0171 3452 PCIIde - ok
02:08:37.0531 3452 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:08:37.0593 3452 Pcmcia - ok
02:08:37.0890 3452 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
02:08:37.0921 3452 pcouffin - ok
02:08:38.0171 3452 PDCOMP - ok
02:08:38.0421 3452 PDFRAME - ok
02:08:38.0687 3452 pdlnacom (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\mediamaxxlservice.dll
02:08:38.0703 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\mediamaxxlservice.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:38.0703 3452 pdlnacom ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:38.0703 3452 pdlnacom - detected Backdoor.Multi.ZAccess.gen (0)
02:08:38.0953 3452 PDRELI - ok
02:08:39.0187 3452 PDRFRAME - ok
02:08:39.0421 3452 perc2 - ok
02:08:39.0656 3452 perc2hib - ok
02:08:39.0984 3452 PhTVTune (94e7f6107c70251059ae4d01b1d76124) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
02:08:40.0015 3452 PhTVTune - ok
02:08:40.0312 3452 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
02:08:40.0328 3452 PlugPlay - ok
02:08:40.0625 3452 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
02:08:40.0625 3452 PolicyAgent - ok
02:08:40.0953 3452 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:08:40.0968 3452 PptpMiniport - ok
02:08:41.0375 3452 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
02:08:41.0437 3452 Processor - ok
02:08:41.0703 3452 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
02:08:41.0703 3452 ProtectedStorage - ok
02:08:41.0968 3452 ProtoWall - ok
02:08:42.0250 3452 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
02:08:42.0281 3452 PSched - ok
02:08:42.0578 3452 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:08:42.0640 3452 Ptilink - ok
02:08:42.0921 3452 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
02:08:42.0937 3452 PxHelp20 - ok
02:08:43.0218 3452 qbreminderflash (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ipodservice.dll
02:08:43.0218 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\ipodservice.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:43.0218 3452 qbreminderflash ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:43.0218 3452 qbreminderflash - detected Backdoor.Multi.ZAccess.gen (0)
02:08:43.0468 3452 ql1080 - ok
02:08:43.0734 3452 Ql10wnt - ok
02:08:43.0984 3452 ql12160 - ok
02:08:44.0218 3452 ql1240 - ok
02:08:44.0546 3452 ql1280 - ok
02:08:44.0796 3452 QWAVE (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SQTECH905C.dll
02:08:44.0796 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\SQTECH905C.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:44.0796 3452 QWAVE ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:44.0796 3452 QWAVE - detected Backdoor.Multi.ZAccess.gen (0)
02:08:45.0078 3452 RalinkRegistryWriter (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\compbatt.dll
02:08:45.0078 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\compbatt.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:45.0078 3452 RalinkRegistryWriter ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:45.0078 3452 RalinkRegistryWriter - detected Backdoor.Multi.ZAccess.gen (0)
02:08:45.0421 3452 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:08:45.0421 3452 RasAcd - ok
02:08:45.0703 3452 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
02:08:45.0750 3452 RasAuto - ok
02:08:46.0078 3452 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:08:46.0093 3452 Rasl2tp - ok
02:08:46.0437 3452 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
02:08:46.0437 3452 RasMan - ok
02:08:46.0750 3452 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:08:46.0796 3452 RasPppoe - ok
02:08:47.0078 3452 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:08:47.0093 3452 Raspti - ok
02:08:47.0515 3452 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:08:47.0656 3452 Rdbss - ok
02:08:47.0937 3452 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:08:47.0937 3452 RDPCDD - ok
02:08:48.0312 3452 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
02:08:48.0390 3452 RDPWD - ok
02:08:48.0703 3452 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
02:08:48.0765 3452 RDSessMgr - ok
02:08:49.0093 3452 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:08:49.0125 3452 redbook - ok
02:08:49.0406 3452 regspy (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\pdlnctdl.dll
02:08:49.0468 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\pdlnctdl.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:49.0468 3452 regspy ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:49.0468 3452 regspy - detected Backdoor.Multi.ZAccess.gen (0)
02:08:49.0781 3452 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
02:08:49.0812 3452 RemoteAccess - ok
02:08:50.0062 3452 retrolauncher (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\elaunidr.dll
02:08:50.0093 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\elaunidr.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:50.0093 3452 retrolauncher ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:50.0093 3452 retrolauncher - detected Backdoor.Multi.ZAccess.gen (0)
02:08:50.0468 3452 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
02:08:50.0500 3452 RFCOMM - ok
02:08:50.0750 3452 rimsptsk (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\BoiHwsetup.dll
02:08:50.0750 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\BoiHwsetup.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:50.0750 3452 rimsptsk ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:50.0750 3452 rimsptsk - detected Backdoor.Multi.ZAccess.gen (0)
02:08:51.0062 3452 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
02:08:51.0140 3452 RpcLocator - ok
02:08:51.0546 3452 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
02:08:51.0546 3452 RpcSs - ok
02:08:51.0875 3452 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
02:08:51.0937 3452 RSVP - ok
02:08:52.0218 3452 rxmssync (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\wanminiportservice.dll
02:08:52.0218 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\wanminiportservice.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:52.0218 3452 rxmssync ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:52.0218 3452 rxmssync - detected Backdoor.Multi.ZAccess.gen (0)
02:08:52.0531 3452 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
02:08:52.0531 3452 SamSs - ok
02:08:52.0718 3452 SbieDrv (a4aac62e6c1a5a56ae41b6c0570ab68b) C:\Programme\Sandboxie\SbieDrv.sys
02:08:52.0734 3452 SbieDrv - ok
02:08:52.0890 3452 SbieSvc (9581517ef4b3e6f84b6cfd503a0178c4) C:\Programme\Sandboxie\SbieSvc.exe
02:08:52.0890 3452 SbieSvc - ok
02:08:53.0187 3452 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
02:08:53.0234 3452 SCardSvr - ok
02:08:53.0578 3452 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
02:08:53.0593 3452 Schedule - ok
02:08:53.0906 3452 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:08:53.0921 3452 Secdrv - ok
02:08:54.0187 3452 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
02:08:54.0203 3452 seclogon - ok
02:08:54.0468 3452 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
02:08:54.0484 3452 SENS - ok
02:08:54.0796 3452 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:08:54.0812 3452 serenum - ok
02:08:55.0109 3452 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
02:08:55.0140 3452 Serial - ok
02:08:55.0468 3452 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:08:55.0468 3452 Sfloppy - ok
02:08:55.0843 3452 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
02:08:55.0875 3452 SharedAccess - ok
02:08:56.0234 3452 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
02:08:56.0250 3452 ShellHWDetection - ok
02:08:56.0562 3452 Simbad - ok
02:08:56.0859 3452 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
02:08:56.0937 3452 SISAGP - ok
02:08:57.0234 3452 SiSide (982fd755516012bfd582ef20c6a123ff) C:\WINDOWS\system32\DRIVERS\siside.sys
02:08:57.0234 3452 SiSide - ok
02:08:57.0578 3452 sisidex (5aed8bf3bf7df795d70146d4af4a2580) C:\WINDOWS\system32\drivers\sisidex.sys
02:08:57.0656 3452 sisidex - ok
02:08:57.0968 3452 SISNICXP (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
02:08:57.0984 3452 SISNICXP - ok
02:08:58.0265 3452 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\WINDOWS\system32\drivers\sisperf.sys
02:08:58.0281 3452 sisperf - ok
02:08:58.0562 3452 slee_81_service (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\drmkaud.dll
02:08:58.0578 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\drmkaud.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:58.0578 3452 slee_81_service ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:58.0578 3452 slee_81_service - detected Backdoor.Multi.ZAccess.gen (0)
02:08:58.0890 3452 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:08:58.0906 3452 SLIP - ok
02:08:59.0953 3452 SmcService (8eca9578bfc7da42d6d24c862224c5db) C:\Programme\Sygate\smc.exe
02:08:59.0984 3452 SmcService - ok
02:09:00.0250 3452 Sparrow - ok
02:09:00.0515 3452 spcsutilityservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\netcfgsvr.dll
02:09:00.0515 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\netcfgsvr.dll. md5: 11028c6a84a967070cb1286550f2058f
02:09:00.0515 3452 spcsutilityservice ( Backdoor.Multi.ZAccess.gen ) - infected
02:09:00.0515 3452 spcsutilityservice - detected Backdoor.Multi.ZAccess.gen (0)
02:09:00.0812 3452 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
02:09:00.0812 3452 splitter - ok
02:09:01.0093 3452 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
02:09:01.0093 3452 Spooler - ok
02:09:01.0656 3452 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\System32\Drivers\sptd.sys
02:09:02.0015 3452 sptd - ok
02:09:02.0359 3452 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
02:09:02.0406 3452 sr - ok
02:09:02.0765 3452 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll
02:09:02.0781 3452 srservice - ok
02:09:03.0187 3452 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
02:09:03.0406 3452 Srv - ok
02:09:03.0703 3452 sscdserd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\LMouFilt.dll
02:09:03.0703 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\LMouFilt.dll. md5: 11028c6a84a967070cb1286550f2058f
02:09:03.0703 3452 sscdserd ( Backdoor.Multi.ZAccess.gen ) - infected
02:09:03.0718 3452 sscdserd - detected Backdoor.Multi.ZAccess.gen (0)
02:09:04.0015 3452 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
02:09:04.0015 3452 SSDPSRV - ok
02:09:04.0296 3452 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
02:09:04.0312 3452 ssmdrv - ok
02:09:04.0718 3452 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
02:09:04.0765 3452 stisvc - ok
02:09:05.0078 3452 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:09:05.0109 3452 streamip - ok
02:09:05.0281 3452 SureThing Labelflash service (2d5ec51b2416e470f591679a6c6462d6) C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
02:09:05.0328 3452 SureThing Labelflash service - ok
02:09:05.0656 3452 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:09:05.0671 3452 swenum - ok
02:09:06.0000 3452 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
02:09:06.0015 3452 swmidi - ok
02:09:06.0250 3452 SwPrv - ok
02:09:06.0500 3452 symc810 - ok
02:09:06.0781 3452 symc8xx - ok
02:09:07.0031 3452 sym_hi - ok
02:09:07.0281 3452 sym_u3 - ok
02:09:07.0593 3452 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
02:09:07.0625 3452 sysaudio - ok
02:09:07.0906 3452 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
02:09:07.0953 3452 SysmonLog - ok
02:09:08.0234 3452 tap0901 (2e644070f2240cca9775a6b79cae62cd) C:\WINDOWS\system32\DRIVERS\tap0901.sys
02:09:08.0250 3452 tap0901 - ok
02:09:08.0546 3452 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
02:09:08.0578 3452 taphss - ok
02:09:08.0937 3452 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
02:09:08.0968 3452 TapiSrv - ok
02:09:09.0265 3452 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys
02:09:09.0281 3452 tapvpn - ok
02:09:09.0593 3452 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
02:09:09.0609 3452 tbhsd - ok
02:09:10.0015 3452 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:09:10.0234 3452 Tcpip - ok
02:09:10.0546 3452 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:09:10.0546 3452 TDPIPE - ok
02:09:10.0968 3452 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
02:09:10.0984 3452 TDTCP - ok
02:09:11.0437 3452 Teefer (99336d4da97b4eeaafab46a4f8e512e6) C:\WINDOWS\system32\Drivers\Teefer.sys
02:09:11.0484 3452 Teefer - ok
02:09:11.0875 3452 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:09:11.0890 3452 TermDD - ok
02:09:12.0265 3452 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
02:09:12.0296 3452 TermService - ok
02:09:12.0609 3452 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
02:09:12.0609 3452 Themes - ok
02:09:12.0890 3452 TosIde - ok
02:09:13.0125 3452 transcode360 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\yediex.dll
02:09:13.0156 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\yediex.dll. md5: 11028c6a84a967070cb1286550f2058f
02:09:13.0156 3452 transcode360 ( Backdoor.Multi.ZAccess.gen ) - infected
02:09:13.0156 3452 transcode360 - detected Backdoor.Multi.ZAccess.gen (0)
02:09:13.0453 3452 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
02:09:13.0453 3452 TrkWks - ok
02:09:13.0765 3452 tsdhd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ps2.dll
02:09:13.0828 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\ps2.dll. md5: 11028c6a84a967070cb1286550f2058f
02:09:13.0828 3452 tsdhd ( Backdoor.Multi.ZAccess.gen ) - infected
02:09:13.0828 3452 tsdhd - detected Backdoor.Multi.ZAccess.gen (0)
02:09:14.0187 3452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
02:09:14.0218 3452 Udfs - ok
02:09:14.0468 3452 ultra - ok
02:09:14.0546 3452 UnlockerDriver5 (28cd05b9e54a11f08e3968ccc8f45002) C:\Programme\Unlocker\UnlockerDriver5.sys
02:09:14.0562 3452 UnlockerDriver5 - ok
02:09:15.0000 3452 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
02:09:15.0187 3452 Update - ok
02:09:15.0515 3452 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
02:09:15.0593 3452 upnphost - ok
02:09:15.0890 3452 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
02:09:15.0906 3452 UPS - ok
02:09:16.0218 3452 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:09:16.0265 3452 usbccgp - ok
02:09:16.0609 3452 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:09:16.0640 3452 usbehci - ok
02:09:16.0984 3452 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:09:17.0015 3452 usbhub - ok
02:09:17.0328 3452 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:09:17.0328 3452 usbohci - ok
02:09:17.0640 3452 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:09:17.0656 3452 usbprint - ok
02:09:17.0953 3452 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:09:17.0953 3452 usbscan - ok
02:09:18.0250 3452 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:09:18.0265 3452 usbstor - ok
02:09:18.0562 3452 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:09:18.0562 3452 usbuhci - ok
02:09:18.0937 3452 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
02:09:18.0953 3452 VgaSave - ok
02:09:19.0203 3452 vhidmini (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\mgactrl.dll
02:09:19.0203 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\mgactrl.dll. md5: 11028c6a84a967070cb1286550f2058f
02:09:19.0203 3452 vhidmini ( Backdoor.Multi.ZAccess.gen ) - infected
02:09:19.0218 3452 vhidmini - detected Backdoor.Multi.ZAccess.gen (0)
02:09:19.0468 3452 ViaIde - ok
02:09:19.0765 3452 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
02:09:19.0796 3452 VolSnap - ok
02:09:20.0078 3452 vsdatant - ok
02:09:20.0421 3452 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
02:09:20.0546 3452 VSS - ok
02:09:20.0906 3452 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\System32\w32time.dll
02:09:20.0906 3452 W32Time - ok
02:09:21.0250 3452 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:09:21.0265 3452 Wanarp - ok
02:09:21.0609 3452 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
02:09:21.0609 3452 WDC_SAM - ok
02:09:21.0890 3452 WDICA - ok
02:09:22.0203 3452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
02:09:22.0250 3452 wdmaud - ok
02:09:22.0546 3452 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
02:09:22.0546 3452 WebClient - ok
02:09:22.0875 3452 wg3n (a67340b874df9eaf5b226e5f3473b9da) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
02:09:22.0875 3452 wg3n - ok
02:09:23.0156 3452 wg4n (851216e2816b7b7e74b5f7ef1d4acfb7) C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys
02:09:23.0171 3452 wg4n - ok
02:09:23.0484 3452 wg5n (aedd1fe0df660411d15da3c57cfc2402) C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys
02:09:23.0500 3452 wg5n - ok
02:09:23.0812 3452 wg6n (dd0d719a58df79086462bd5fc972a908) C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys
02:09:23.0828 3452 wg6n - ok
02:09:24.0187 3452 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
02:09:24.0187 3452 winmgmt - ok
02:09:24.0468 3452 wltwo51b (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ups.dll
02:09:24.0484 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\ups.dll. md5: 11028c6a84a967070cb1286550f2058f
02:09:24.0484 3452 wltwo51b ( Backdoor.Multi.ZAccess.gen ) - infected
02:09:24.0484 3452 wltwo51b - detected Backdoor.Multi.ZAccess.gen (0)
02:09:24.0750 3452 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
02:09:24.0781 3452 WmdmPmSN - ok
02:09:25.0000 3452 WmdmPmSp - ok
02:09:25.0328 3452 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
02:09:25.0328 3452 WmiApSrv - ok
02:09:25.0750 3452 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
02:09:26.0312 3452 WMPNetworkSvc - ok
02:09:26.0906 3452 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:09:27.0218 3452 WPFFontCache_v0400 - ok
02:09:27.0515 3452 wpsdrvnt (93c145dceb13156322423efd62d4549a) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
02:09:27.0531 3452 wpsdrvnt - ok
02:09:27.0859 3452 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:09:27.0875 3452 WSTCODEC - ok
02:09:28.0109 3452 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
02:09:28.0109 3452 wuauserv - ok
02:09:28.0531 3452 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
02:09:28.0640 3452 WZCSVC - ok
02:09:28.0750 3452 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
02:09:28.0765 3452 x10nets - ok
02:09:29.0093 3452 X10UIF (2a35913cfe96e7b19097c9a1c3bc5182) C:\WINDOWS\system32\Drivers\x10uif.sys
02:09:29.0109 3452 X10UIF - ok
02:09:29.0453 3452 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
02:09:29.0515 3452 xmlprov - ok
02:09:29.0796 3452 zendcoreapache (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\M3AD.dll
02:09:29.0859 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\M3AD.dll. md5: 11028c6a84a967070cb1286550f2058f
02:09:29.0859 3452 zendcoreapache ( Backdoor.Multi.ZAccess.gen ) - infected
02:09:29.0859 3452 zendcoreapache - detected Backdoor.Multi.ZAccess.gen (0)
02:09:30.0109 3452 ZTEusbnmea (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\nic1394.dll
02:09:30.0109 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\nic1394.dll. md5: 11028c6a84a967070cb1286550f2058f
02:09:30.0109 3452 ZTEusbnmea ( Backdoor.Multi.ZAccess.gen ) - infected
02:09:30.0109 3452 ZTEusbnmea - detected Backdoor.Multi.ZAccess.gen (0)
02:09:30.0187 3452 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
02:09:30.0562 3452 \Device\Harddisk0\DR0 - ok
02:09:30.0578 3452 Boot (0x1200) (e065cc4c5dea8ac1bdf9320e5c07935f) \Device\Harddisk0\DR0\Partition0
02:09:30.0578 3452 \Device\Harddisk0\DR0\Partition0 - ok
02:09:30.0609 3452 Boot (0x1200) (a0c99981aa05de166a97b550f1576ae8) \Device\Harddisk0\DR0\Partition1
02:09:30.0609 3452 \Device\Harddisk0\DR0\Partition1 - ok
02:09:30.0609 3452 ============================================================
02:09:30.0609 3452 Scan finished
02:09:30.0609 3452 ============================================================
02:09:30.0640 1728 Detected object count: 44
02:09:30.0640 1728 Actual detected object count: 44
02:25:37.0453 1728 C:\WINDOWS\system32\navapsvc.dll - copied to quarantine
02:25:37.0453 1728 amfilter ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:25:37.0734 1728 C:\WINDOWS\system32\viaide.dll - copied to quarantine
02:25:37.0750 1728 aracpi ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:25:38.0062 1728 C:\WINDOWS\system32\tfsndres.dll - copied to quarantine
02:25:38.0078 1728 ASNDIS5 ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:25:38.0406 1728 C:\WINDOWS\system32\revudfservice.dll - copied to quarantine
02:25:38.0406 1728 atimtag ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:25:38.0687 1728 C:\WINDOWS\system32\Sunkfiltp.dll - copied to quarantine
02:25:38.0703 1728 ATMsg ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:25:39.0046 1728 C:\WINDOWS\system32\Mtlstrm.dll - copied to quarantine
02:25:39.0046 1728 automate6 ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:25:39.0437 1728 C:\WINDOWS\system32\umpusbxp.dll - copied to quarantine
02:25:39.0453 1728 AVerBDA ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:25:39.0921 1728 C:\WINDOWS\system32\btwmodem.dll - copied to quarantine
02:25:39.0921 1728 BsHelpCS ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:25:40.0234 1728 C:\WINDOWS\system32\VRADFIL.dll - copied to quarantine
02:25:40.0234 1728 btwavdt ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:25:40.0609 1728 C:\WINDOWS\system32\oraclexeclragent.dll - copied to quarantine
02:25:40.0625 1728 Cardex ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:25:40.0906 1728 C:\WINDOWS\system32\lxcg_device.dll - copied to quarantine
02:25:40.0906 1728 cbidf ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:25:41.0375 1728 C:\WINDOWS\system32\advantage.dll - copied to quarantine
02:25:41.0375 1728 cdr4_2k ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:25:41.0734 1728 C:\WINDOWS\system32\DRIVERS\cdrom.sys - copied to quarantine
02:25:42.0031 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\@ - copied to quarantine
02:25:42.0078 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\cfg.ini - copied to quarantine
02:25:42.0156 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\Desktop.ini - copied to quarantine
02:25:42.0234 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\L\gmlbqmwa - copied to quarantine
02:25:42.0312 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\00000001.@ - copied to quarantine
02:25:42.0468 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\00000002.@ - copied to quarantine
02:25:42.0515 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\00000004.@ - copied to quarantine
02:25:42.0562 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\80000000.@ - copied to quarantine
02:25:42.0578 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\80000004.@ - copied to quarantine
02:25:42.0593 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\80000032.@ - copied to quarantine
02:25:42.0593 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\version - copied to quarantine
02:25:46.0453 1728 Backup copy found, using it..
02:25:46.0562 1728 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
02:26:15.0546 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\@ - will be deleted on reboot
02:26:15.0546 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\cfg.ini - will be deleted on reboot
02:26:15.0546 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\Desktop.ini - will be deleted on reboot
02:26:15.0546 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\00000001.@ - will be deleted on reboot
02:26:15.0546 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\00000002.@ - will be deleted on reboot
02:26:15.0546 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\00000004.@ - will be deleted on reboot
02:26:15.0546 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\80000000.@ - will be deleted on reboot
02:26:15.0546 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\80000004.@ - will be deleted on reboot
02:26:15.0546 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\U\80000032.@ - will be deleted on reboot
02:26:15.0546 1728 C:\WINDOWS\$NtUninstallKB10817$\1826113177\version - will be deleted on reboot
02:26:15.0546 1728 C:\WINDOWS\$NtUninstallKB10817$\4026923165 - will be deleted on reboot
02:26:15.0546 1728 Cdrom ( Virus.Win32.ZAccess.c ) - User select action: Cure
02:26:15.0843 1728 C:\WINDOWS\system32\usr11g.dll - copied to quarantine
02:26:15.0859 1728 ctaud2k ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:16.0234 1728 C:\WINDOWS\system32\coste.dll - copied to quarantine
02:26:16.0250 1728 CTEDSPIO.DLL ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:16.0546 1728 C:\WINDOWS\system32\vc5secs.dll - copied to quarantine
02:26:16.0546 1728 dladresm ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:16.0859 1728 C:\WINDOWS\system32\cdr4_xp.dll - copied to quarantine
02:26:16.0859 1728 downloadmanagerlite ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:17.0156 1728 C:\WINDOWS\system32\sit_flt.dll - copied to quarantine
02:26:17.0156 1728 elnkupdateservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:17.0453 1728 C:\WINDOWS\system32\astcc.dll - copied to quarantine
02:26:17.0468 1728 EpmShd ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:17.0796 1728 C:\WINDOWS\system32\VirtualCam.dll - copied to quarantine
02:26:17.0796 1728 filechecker ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:18.0125 1728 C:\WINDOWS\system32\gearsecurity.dll - copied to quarantine
02:26:18.0140 1728 fsbwsys ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:18.0468 1728 C:\WINDOWS\system32\ATWPKT2.dll - copied to quarantine
02:26:18.0468 1728 FVXSCSI ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:18.0828 1728 C:\WINDOWS\system32\inetaccs.dll - copied to quarantine
02:26:18.0828 1728 iAimTV6 ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:19.0140 1728 C:\WINDOWS\system32\HECI.dll - copied to quarantine
02:26:19.0140 1728 idechndr ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:19.0437 1728 C:\WINDOWS\system32\MTDVC2_ENUM.dll - copied to quarantine
02:26:19.0437 1728 LCcfltr ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:19.0703 1728 C:\WINDOWS\system32\SRS_SSCFilter.dll - copied to quarantine
02:26:19.0703 1728 MXOPSWD ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:19.0984 1728 C:\WINDOWS\system32\Stltrk2k.dll - copied to quarantine
02:26:19.0984 1728 O2SCBUS ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:20.0281 1728 C:\WINDOWS\system32\mediamaxxlservice.dll - copied to quarantine
02:26:20.0281 1728 pdlnacom ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:20.0578 1728 C:\WINDOWS\system32\ipodservice.dll - copied to quarantine
02:26:20.0578 1728 qbreminderflash ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:20.0859 1728 C:\WINDOWS\system32\SQTECH905C.dll - copied to quarantine
02:26:20.0875 1728 QWAVE ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:21.0406 1728 C:\WINDOWS\system32\compbatt.dll - copied to quarantine
02:26:21.0406 1728 RalinkRegistryWriter ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:21.0921 1728 C:\WINDOWS\system32\pdlnctdl.dll - copied to quarantine
02:26:21.0921 1728 regspy ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:22.0296 1728 C:\WINDOWS\system32\elaunidr.dll - copied to quarantine
02:26:22.0328 1728 retrolauncher ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:22.0625 1728 C:\WINDOWS\system32\BoiHwsetup.dll - copied to quarantine
02:26:22.0625 1728 rimsptsk ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:22.0890 1728 C:\WINDOWS\system32\wanminiportservice.dll - copied to quarantine
02:26:22.0890 1728 rxmssync ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:23.0234 1728 C:\WINDOWS\system32\drmkaud.dll - copied to quarantine
02:26:23.0250 1728 slee_81_service ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:23.0515 1728 C:\WINDOWS\system32\netcfgsvr.dll - copied to quarantine
02:26:23.0515 1728 spcsutilityservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:23.0843 1728 C:\WINDOWS\system32\LMouFilt.dll - copied to quarantine
02:26:23.0843 1728 sscdserd ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:24.0281 1728 C:\WINDOWS\system32\yediex.dll - copied to quarantine
02:26:24.0281 1728 transcode360 ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:24.0640 1728 C:\WINDOWS\system32\ps2.dll - copied to quarantine
02:26:24.0640 1728 tsdhd ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:24.0921 1728 C:\WINDOWS\system32\mgactrl.dll - copied to quarantine
02:26:24.0921 1728 vhidmini ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:25.0265 1728 C:\WINDOWS\system32\ups.dll - copied to quarantine
02:26:25.0265 1728 wltwo51b ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:25.0562 1728 C:\WINDOWS\system32\M3AD.dll - copied to quarantine
02:26:25.0562 1728 zendcoreapache ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:26:25.0859 1728 C:\WINDOWS\system32\nic1394.dll - copied to quarantine
02:26:25.0875 1728 ZTEusbnmea ( Backdoor.Multi.ZAccess.gen ) - User select action: Quarantine
02:43:03.0953 1264 Deinitialize success
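
The scan log above shows the pattern that makes this infection easy to spot once you know to look for it: dozens of services with unrelated names (qbreminderflash, QWAVE, regspy, tsdhd, ...) each point at a differently named DLL in system32, yet every one of those files has the same MD5 (11028c6a84a967070cb1286550f2058f) and is locked against reading ("NoAccess"). Legitimate shared hosts such as lsass.exe or shsvcs.dll also back several services, but they live at one path, so the discriminating signal is one hash under many distinct paths. The Python below is an added example, not part of this thread and not TDSSKiller's own code: it parses lines in the log format shown above (a constructed sample copied from the log, with benign entries for contrast), groups service binaries by hash, and reports any entry whose hash appears under two or more distinct paths, whose file was locked, or which the scanner flagged. Path comparison is case-insensitive because the log mixes System32 and system32 for the same file.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple

# Constructed sample: lines in TDSSKiller's log format, copied from the scan log
# above (two services hosted by one lsass.exe, one driver, three ZeroAccess
# flagged services, the MBR check) so the parser runs offline.
SAMPLE_LOG = r"""
02:08:40.0625 3452 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
02:08:40.0625 3452 PolicyAgent - ok
02:08:41.0703 3452 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
02:08:41.0703 3452 ProtectedStorage - ok
02:08:42.0921 3452 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
02:08:42.0937 3452 PxHelp20 - ok
02:08:43.0218 3452 qbreminderflash (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ipodservice.dll
02:08:43.0218 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\ipodservice.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:43.0218 3452 qbreminderflash ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:43.0218 3452 qbreminderflash - detected Backdoor.Multi.ZAccess.gen (0)
02:08:44.0796 3452 QWAVE (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SQTECH905C.dll
02:08:44.0796 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\SQTECH905C.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:44.0796 3452 QWAVE ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:44.0796 3452 QWAVE - detected Backdoor.Multi.ZAccess.gen (0)
02:08:45.0078 3452 RalinkRegistryWriter (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\compbatt.dll
02:08:45.0078 3452 Suspicious file (NoAccess): C:\WINDOWS\system32\compbatt.dll. md5: 11028c6a84a967070cb1286550f2058f
02:08:45.0078 3452 RalinkRegistryWriter ( Backdoor.Multi.ZAccess.gen ) - infected
02:08:45.0078 3452 RalinkRegistryWriter - detected Backdoor.Multi.ZAccess.gen (0)
02:09:30.0187 3452 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
02:09:30.0562 3452 \Device\Harddisk0\DR0 - ok
"""

# "<time> <pid> <service name> (<md5>) <path>"; the name is matched lazily so a
# name containing parentheses ("MBR (0x1B8)") still lines up with the 32-hex hash.
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (NoAccess): <path>. md5: <md5>"
NOACCESS_RE = re.compile(
    r"Suspicious file \(NoAccess\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
# "<time> <pid> <service name> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")


class Entry(NamedTuple):
    name: str
    md5: str
    path: str


def parse_log(text: str) -> Tuple[List[Entry], Set[str], Dict[str, str]]:
    """Return (service entries, lower-cased NoAccess paths, name -> verdict)."""
    entries: List[Entry] = []
    noaccess: Set[str] = set()
    detections: Dict[str, str] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["name"], m["md5"], m["path"]))
            continue
        m = NOACCESS_RE.search(line)
        if m:
            noaccess.add(m["path"].lower())
            continue
        m = DETECTED_RE.match(line)
        if m:
            detections[m["name"]] = m["verdict"]
    return entries, noaccess, detections


def shared_hash_indicators(entries: List[Entry], min_distinct_paths: int = 2) -> Dict[str, Dict[str, List[str]]]:
    """Map md5 -> {normalized path: [service names]} for hashes seen under
    at least `min_distinct_paths` distinct paths. Windows paths are
    case-insensitive, so System32 and system32 count as the same location;
    lsass.exe backing three services is therefore one path and not flagged."""
    by_hash: Dict[str, Dict[str, List[str]]] = defaultdict(dict)
    for e in entries:
        by_hash[e.md5].setdefault(e.path.lower(), []).append(e.name)
    return {md5: paths for md5, paths in by_hash.items() if len(paths) >= min_distinct_paths}


def triage(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (service, path, reasons) for every entry with at least one indicator."""
    entries, noaccess, detections = parse_log(text)
    shared = shared_hash_indicators(entries)
    findings = []
    for e in entries:
        reasons = []
        if e.md5 in shared:
            reasons.append(f"hash shared by {len(shared[e.md5])} distinct paths")
        if e.path.lower() in noaccess:
            reasons.append("file locked (NoAccess)")
        if e.name in detections:
            reasons.append(f"detected as {detections[e.name]}")
        if reasons:
            findings.append((e.name, e.path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {path}\n    " + "; ".join(reasons))
```

The shared-hash rule fires on its own, without relying on the scanner's verdict, which is what makes it useful as a second opinion: on the full log above it would pick out all of the ZeroAccess-hosted services even if a signature update had missed one, while leaving lsass.exe, shsvcs.dll and the single-instance drivers alone.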

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:08 PM

Posted 27 March 2012 - 02:34 PM

That's a very infected machine. Please run FixTDSS now.

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say the infection was cleared or no infection was found - let me know what it says.
m0le is a proud member of UNITE

#15 virustroubles

virustroubles
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:03:08 PM

Posted 27 March 2012 - 03:36 PM

It's not working so far. FixTDSS asks me to restart my computer. After rebooting, the XP startup screen appears, and right when it disappears and a glimpse of something else is visible, the computer crashes and restarts. Then I get to choose between 'Safe Mode', 'normal mode' and so on. 'Normal mode' keeps the computer crashing, so I tried 'Last known working configuration'. I got: "Tool Failure. Tool must be first run without -postboot".

Edit: A blue screen seems to appear right after the XP startup screen disappears, but only for a tenth of a second, then the computer restarts.

Edit2: I started the computer in 'Safe Mode' this time, ran FixTDSS and it might have worked. It restarted the computer as usual, I hit F8 and selected 'start protocol' and it started normally without crashing and then scanned my system. It ended with the message "Backdoor.Tidserv has not been found on your computer".

Edited by virustroubles, 27 March 2012 - 06:43 PM.




