Zurück   Trojaner-Board > Malware entfernen > Diskussionsforum

Diskussionsforum: Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert

Windows 7 Hier sind ausschließlich fachspezifische Diskussionen erwünscht. Bitte keine Log-Files, Hilferufe oder ähnliches posten. Themen zum "Trojaner entfernen" oder "Malware Probleme" dürfen hier nur diskutiert werden. Bereinigungen von nicht ausgebildeten Usern sind hier untersagt. Wenn du dir einen Virus doer Trojaner eingefangen hast, eröffne ein Thema in den Bereinigungsforen oben.

Antwort
Alt 04.03.2016, 18:16   #1
dennissteins
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Icon27

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



Hallo,


wir sind seid mehreren Mobaten mit dem oben genannten Bootkit infiziert.
Betroffen sind 2 Laptops,1 Desktop Rechner iund ein Surface.
Die Malware infiziert sowohl Linux als auch Windows.
Formatierung der Festplatte und Neuinstallation hilft nicht, selbst nach Festplattenaustausch
(durch eine werksneue) ist die Malware noch da. Alle nisheigen Antiroozkit-Tools und Rescure-Disk können das Bootkit nicht entfernen.

Die versteckten Partition kann ich unter Linux mit einigen Tools sichtbar machen, z.b enthält die "Boot:X " einen Ordner "PseudoWindows", löschen lassen sich die "loop"Volumes nicht.

Alle Logs, Screens die ich habe,hänge ich in kürze an.
Die Links unten folgen auch gleich.



PS: Da ich schon in anderen Foren als "Spinner" und ähliches beschimpft wurde, bitte
mit den Links unten und dem Thema "Rootkit in der Hardware" beschäftigen, bevor Stichwörter wie "unmöglich" und ähnliches fallen.

Alt 05.03.2016, 00:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 05.03.2016, 11:17   #3
dennissteins
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

gmer log



Dann gehts los:

Gmer Teil I

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2016-03-05 00:33:37
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002c TOSHIBA_MQ01ABD050 rev.AX001U 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\DENNIS~1\AppData\Local\Temp\afadyaow.sys


---- System - GMER 2.1 ----

SSDT     ZwAcceptConnectPort                                                                                                                                                                                                                          fffff800ef7086e8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAccessCheck                                                                                                                                                                                                                                fffff800ef2d9350 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwAccessCheckAndAuditAlarm                                                                                                                                                                                                                   fffff800ef6fd3ac \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAccessCheckByType                                                                                                                                                                                                                          fffff800ef353c58 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwAccessCheckByTypeAndAuditAlarm                                                                                                                                                                                                             fffff800ef6fc120 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAccessCheckByTypeResultList                                                                                                                                                                                                                fffff800ef477fd8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwAccessCheckByTypeResultListAndAuditAlarm                                                                                                                                                                                                   fffff800ef8cdef4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAccessCheckByTypeResultListAndAuditAlarmByHandle                                                                                                                                                                                           fffff800ef8cdf9c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAddAtom                                                                                                                                                                                                                                    fffff800ef8eff8c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAddAtomEx                                                                                                                                                                                                                                  fffff800ef6c3694 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAddBootEntry                                                                                                                                                                                                                               fffff800ef8ec61c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAddDriverEntry                                                                                                                                                                                                                             fffff800ef8ec63c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAdjustGroupsToken                                                                                                                                                                                                                          fffff800ef6d3bc0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAdjustPrivilegesToken                                                                                                                                                                                                                      fffff800ef6a31dc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAdjustTokenClaimsAndDeviceGroups                                                                                                                                                                                                           fffff800ef7c2a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlertResumeThread                                                                                                                                                                                                                          fffff800ef8bf928 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlertThread                                                                                                                                                                                                                                fffff800ef8bfa34 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlertThreadByThreadId                                                                                                                                                                                                                      fffff800ef67ef68 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAllocateLocallyUniqueId                                                                                                                                                                                                                    fffff800ef6e9990 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAllocateReserveObject                                                                                                                                                                                                                      fffff800ef62f6bc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAllocateUserPhysicalPages                                                                                                                                                                                                                  fffff800ef8a3a74 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAllocateUuids                                                                                                                                                                                                                              fffff800ef6c98d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAllocateVirtualMemory                                                                                                                                                                                                                      fffff800ef64d7b0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcAcceptConnectPort                                                                                                                                                                                                                      fffff800ef722354 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcCancelMessage                                                                                                                                                                                                                          fffff800ef711054 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcConnectPort                                                                                                                                                                                                                            fffff800ef7222e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcConnectPortEx                                                                                                                                                                                                                          fffff800ef721cf4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcCreatePort                                                                                                                                                                                                                             fffff800ef701308 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcCreatePortSection                                                                                                                                                                                                                      fffff800ef6ec624 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcCreateResourceReserve                                                                                                                                                                                                                  fffff800ef6f2204 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcCreateSectionView                                                                                                                                                                                                                      fffff800ef6eca08 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcCreateSecurityContext                                                                                                                                                                                                                  fffff800ef698dd8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcDeletePortSection                                                                                                                                                                                                                      fffff800ef6ec54c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcDeleteResourceReserve                                                                                                                                                                                                                  fffff800ef89d27c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcDeleteSectionView                                                                                                                                                                                                                      fffff800ef6b34f8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcDeleteSecurityContext                                                                                                                                                                                                                  fffff800ef68eaac \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcDisconnectPort                                                                                                                                                                                                                         fffff800ef72129c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcImpersonateClientContainerOfPort                                                                                                                                                                                                       fffff800ef89d368 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcImpersonateClientOfPort                                                                                                                                                                                                                fffff800ef6908c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcOpenSenderProcess                                                                                                                                                                                                                      fffff800ef721a4c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcOpenSenderThread                                                                                                                                                                                                                       fffff800ef701128 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcQueryInformation                                                                                                                                                                                                                       fffff800ef6daa30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcQueryInformationMessage                                                                                                                                                                                                                fffff800ef6ef0d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcRevokeSecurityContext                                                                                                                                                                                                                  fffff800ef89d500 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcSendWaitReceivePort                                                                                                                                                                                                                    fffff800ef693570 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAlpcSetInformation                                                                                                                                                                                                                         fffff800ef71d190 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwApphelpCacheControl                                                                                                                                                                                                                        fffff800ef6a9f14 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAreMappedFilesTheSame                                                                                                                                                                                                                      fffff800ef6ce2f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAssignProcessToJobObject                                                                                                                                                                                                                   fffff800ef6cc9c8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwAssociateWaitCompletionPacket                                                                                                                                                                                                              fffff800ef330800 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwCallbackReturn                                                                                                                                                                                                                             fffff800ef3c1b90 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwCancelIoFile                                                                                                                                                                                                                               fffff800ef70a3b4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCancelIoFileEx                                                                                                                                                                                                                             fffff800ef72a828 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCancelSynchronousIoFile                                                                                                                                                                                                                    fffff800ef8777ac \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCancelTimer                                                                                                                                                                                                                                fffff800ef35bbb4 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwCancelTimer2                                                                                                                                                                                                                               fffff800ef35f240 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwCancelWaitCompletionPacket                                                                                                                                                                                                                 fffff800ef3305b0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwClearEvent                                                                                                                                                                                                                                 fffff800ef6e8e10 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwClose                                                                                                                                                                                                                                      fffff800ef6b7b20 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCloseObjectAuditAlarm                                                                                                                                                                                                                      fffff800ef6fc23c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCommitComplete                                                                                                                                                                                                                             fffff800ef27e018 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwCommitEnlistment                                                                                                                                                                                                                           fffff800ef27e020 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwCommitTransaction                                                                                                                                                                                                                          fffff800ef27e028 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwCompactKeys                                                                                                                                                                                                                                fffff800ef858b78 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCompareObjects                                                                                                                                                                                                                             fffff800ef6fdef4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCompareTokens                                                                                                                                                                                                                              fffff800ef6d2084 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCompleteConnectPort                                                                                                                                                                                                                        fffff800ef70c2a8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCompressKey                                                                                                                                                                                                                                fffff800ef858d94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwConnectPort                                                                                                                                                                                                                                fffff800ef72144c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwContinue                                                                                                                                                                                                                                   fffff800ef3bf610 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwCreateDebugObject                                                                                                                                                                                                                          fffff800ef86ce58 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateDirectoryObject                                                                                                                                                                                                                      fffff800ef6bfeb8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateDirectoryObjectEx                                                                                                                                                                                                                    fffff800ef712c88 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateEnclave                                                                                                                                                                                                                              fffff800ef8a66b8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateEnlistment                                                                                                                                                                                                                           fffff800ef27e030 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwCreateEvent                                                                                                                                                                                                                                fffff800ef6532a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateEventPair                                                                                                                                                                                                                            fffff800ef7c2a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateFile                                                                                                                                                                                                                                 fffff800ef68f3b0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateIRTimer                                                                                                                                                                                                                              fffff800ef780640 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateIoCompletion                                                                                                                                                                                                                         fffff800ef6c03ec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateJobObject                                                                                                                                                                                                                            fffff800ef6cbd98 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateJobSet                                                                                                                                                                                                                               fffff800ef7c2a80 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateKey                                                                                                                                                                                                                                  fffff800ef67cee8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateKeyTransacted                                                                                                                                                                                                                        fffff800ef708a38 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateKeyedEvent                                                                                                                                                                                                                           fffff800ef7b6048 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateLowBoxToken                                                                                                                                                                                                                          fffff800ef6d3580 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateMailslotFile                                                                                                                                                                                                                         fffff800ef701bf4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateMutant                                                                                                                                                                                                                               fffff800ef653e20 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateNamedPipeFile                                                                                                                                                                                                                        fffff800ef701cec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreatePagingFile                                                                                                                                                                                                                           fffff800ef7acc3c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreatePartition                                                                                                                                                                                                                            fffff800ef8a1bdc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreatePort                                                                                                                                                                                                                                 fffff800ef77fbc8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreatePrivateNamespace                                                                                                                                                                                                                     fffff800ef6f9a74 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateProcess                                                                                                                                                                                                                              fffff800ef8baa1c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateProcessEx                                                                                                                                                                                                                            fffff800ef712700 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateProfile                                                                                                                                                                                                                              fffff800ef8f1648 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateProfileEx                                                                                                                                                                                                                            fffff800ef8f171c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateResourceManager                                                                                                                                                                                                                      fffff800ef27e038 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwCreateSection                                                                                                                                                                                                                              fffff800ef654450 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateSemaphore                                                                                                                                                                                                                            fffff800ef684bf4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateSymbolicLinkObject                                                                                                                                                                                                                   fffff800ef700270 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateThread                                                                                                                                                                                                                               fffff800ef8baa98 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateThreadEx                                                                                                                                                                                                                             fffff800ef69dc78 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateTimer                                                                                                                                                                                                                                fffff800ef6c0634 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateTimer2                                                                                                                                                                                                                               fffff800ef6c04f8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateToken                                                                                                                                                                                                                                fffff800ef8cf3e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateTokenEx                                                                                                                                                                                                                              fffff800ef6d5558 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateTransaction                                                                                                                                                                                                                          fffff800ef27e040 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwCreateTransactionManager                                                                                                                                                                                                                   fffff800ef27e048 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwCreateUserProcess                                                                                                                                                                                                                          fffff800ef6a5348 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateWaitCompletionPacket                                                                                                                                                                                                                 fffff800ef6f1698 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateWaitablePort                                                                                                                                                                                                                         fffff800ef780400 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateWnfStateName                                                                                                                                                                                                                         fffff800ef7500a4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwCreateWorkerFactory                                                                                                                                                                                                                        fffff800ef6c0084 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDebugActiveProcess                                                                                                                                                                                                                         fffff800ef86d020 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDebugContinue                                                                                                                                                                                                                              fffff800ef86d1f4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDelayExecution                                                                                                                                                                                                                             fffff800ef681320 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDeleteAtom                                                                                                                                                                                                                                 fffff800ef6c2ea4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDeleteBootEntry                                                                                                                                                                                                                            fffff800ef8ec65c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDeleteDriverEntry                                                                                                                                                                                                                          fffff800ef8ec7dc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDeleteFile                                                                                                                                                                                                                                 fffff800ef7b99a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDeleteKey                                                                                                                                                                                                                                  fffff800ef748fb0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDeleteObjectAuditAlarm                                                                                                                                                                                                                     fffff800ef62fbd0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDeletePrivateNamespace                                                                                                                                                                                                                     fffff800ef8acd38 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDeleteValueKey                                                                                                                                                                                                                             fffff800ef75377c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDeleteWnfStateData                                                                                                                                                                                                                         fffff800ef7bbad8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDeleteWnfStateName                                                                                                                                                                                                                         fffff800ef6effbc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDeviceIoControlFile                                                                                                                                                                                                                        fffff800ef664cc0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDisableLastKnownGood                                                                                                                                                                                                                       fffff800ef78e468 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDisplayString                                                                                                                                                                                                                              fffff800ef8e84d8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDrawText                                                                                                                                                                                                                                   fffff800ef48b280 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwDuplicateObject                                                                                                                                                                                                                            fffff800ef67dab0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwDuplicateToken                                                                                                                                                                                                                             fffff800ef677540 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwEnableLastKnownGood                                                                                                                                                                                                                        fffff800ef78d354 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwEnumerateBootEntries                                                                                                                                                                                                                       fffff800ef8ec95c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwEnumerateDriverEntries                                                                                                                                                                                                                     fffff800ef8ecf00 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwEnumerateKey                                                                                                                                                                                                                               fffff800ef6585a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwEnumerateSystemEnvironmentValuesEx                                                                                                                                                                                                         fffff800ef8ed3ac \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwEnumerateTransactionObject                                                                                                                                                                                                                 fffff800ef27e050 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwEnumerateValueKey                                                                                                                                                                                                                          fffff800ef67d710 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwExtendSection                                                                                                                                                                                                                              fffff800ef8a1ecc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFilterBootOption                                                                                                                                                                                                                           fffff800ef8d04c4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFilterToken                                                                                                                                                                                                                                fffff800ef6d65dc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFilterTokenEx                                                                                                                                                                                                                              fffff800ef7c2a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFindAtom                                                                                                                                                                                                                                   fffff800ef678e40 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFlushBuffersFile                                                                                                                                                                                                                           fffff800ef72ac30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFlushBuffersFileEx                                                                                                                                                                                                                         fffff800ef72ac4c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFlushInstallUILanguage                                                                                                                                                                                                                     fffff800ef7bd5e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFlushInstructionCache                                                                                                                                                                                                                      fffff800ef70c2a8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFlushKey                                                                                                                                                                                                                                   fffff800ef70e7ec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFlushProcessWriteBuffers                                                                                                                                                                                                                   fffff800ef2952c0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwFlushVirtualMemory                                                                                                                                                                                                                         fffff800ef72e810 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFlushWriteBuffer                                                                                                                                                                                                                           fffff800ef8a6f60 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFreeUserPhysicalPages                                                                                                                                                                                                                      fffff800ef8a4210 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFreeVirtualMemory                                                                                                                                                                                                                          fffff800ef6b0dc0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwFreezeRegistry                                                                                                                                                                                                                             fffff800ef39ab34 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwFreezeTransactions                                                                                                                                                                                                                         fffff800ef27e058 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwFsControlFile                                                                                                                                                                                                                              fffff800ef720130 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwGetCachedSigningLevel                                                                                                                                                                                                                      fffff800ef6fd000 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwGetCompleteWnfStateSubscription                                                                                                                                                                                                            fffff800ef6a17bc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwGetContextThread                                                                                                                                                                                                                           fffff800ef7045cc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwGetCurrentProcessorNumber                                                                                                                                                                                                                  fffff800ef8bb038 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwGetCurrentProcessorNumberEx                                                                                                                                                                                                                fffff800ef8bb068 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwGetDevicePowerState                                                                                                                                                                                                                        fffff800ef8b464c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwGetMUIRegistryInfo                                                                                                                                                                                                                         fffff800ef6faba4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwGetNextProcess                                                                                                                                                                                                                             fffff800ef769f70 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwGetNextThread                                                                                                                                                                                                                              fffff800ef70cb64 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwGetNlsSectionPtr                                                                                                                                                                                                                           fffff800ef6d144c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwGetNotificationResourceManager                                                                                                                                                                                                             fffff800ef27e060 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwGetWriteWatch                                                                                                                                                                                                                              fffff800ef312140 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwImpersonateAnonymousToken                                                                                                                                                                                                                  fffff800ef6d2518 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwImpersonateClientOfPort                                                                                                                                                                                                                    fffff800ef89c610 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwImpersonateThread                                                                                                                                                                                                                          fffff800ef6e76f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwInitializeEnclave                                                                                                                                                                                                                          fffff800ef8a6a7c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwInitializeNlsFiles                                                                                                                                                                                                                         fffff800ef6af5e4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwInitializeRegistry                                                                                                                                                                                                                         fffff800ef77f97c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwInitiatePowerAction                                                                                                                                                                                                                        fffff800ef7676fc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwIsProcessInJob                                                                                                                                                                                                                             fffff800ef6cc41c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwIsSystemResumeAutomatic                                                                                                                                                                                                                    fffff800ef76b9c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwIsUILanguageComitted                                                                                                                                                                                                                       fffff800ef7126d8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwListenPort                                                                                                                                                                                                                                 fffff800ef7be700 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwLoadDriver                                                                                                                                                                                                                                 fffff800ef718fc8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwLoadEnclaveData                                                                                                                                                                                                                            fffff800ef8a6d38 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwLoadKey                                                                                                                                                                                                                                    fffff800ef714abc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwLoadKey2                                                                                                                                                                                                                                   fffff800ef780618 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwLoadKeyEx                                                                                                                                                                                                                                  fffff800ef749b38 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwLockFile                                                                                                                                                                                                                                   fffff800ef72b358 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwLockProductActivationKeys                                                                                                                                                                                                                  fffff800ef7a9590 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwLockRegistryKey                                                                                                                                                                                                                            fffff800ef7b5280 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwLockVirtualMemory                                                                                                                                                                                                                          fffff800ef308f88 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwMakePermanentObject                                                                                                                                                                                                                        fffff800ef7c1a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwMakeTemporaryObject                                                                                                                                                                                                                        fffff800ef719458 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwManagePartition                                                                                                                                                                                                                            fffff800ef8a1d70 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwMapCMFModule                                                                                                                                                                                                                               fffff800ef6faf24 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwMapUserPhysicalPages                                                                                                                                                                                                                       fffff800ef8a46e8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwMapUserPhysicalPagesScatter                                                                                                                                                                                                                fffff800ef8a4b30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwMapViewOfSection                                                                                                                                                                                                                           fffff800ef649cf0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwModifyBootEntry                                                                                                                                                                                                                            fffff800ef8ed644 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwModifyDriverEntry                                                                                                                                                                                                                          fffff800ef8ed660 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwNotifyChangeDirectoryFile                                                                                                                                                                                                                  fffff800ef72a96c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwNotifyChangeKey                                                                                                                                                                                                                            fffff800ef6b394c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwNotifyChangeMultipleKeys                                                                                                                                                                                                                   fffff800ef6b39b4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwNotifyChangeSession                                                                                                                                                                                                                        fffff800ef711a04 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenDirectoryObject                                                                                                                                                                                                                        fffff800ef68eb90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenEnlistment                                                                                                                                                                                                                             fffff800ef27e068 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwOpenEvent                                                                                                                                                                                                                                  fffff800ef68e404 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenEventPair                                                                                                                                                                                                                              fffff800ef7c2a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenFile                                                                                                                                                                                                                                   fffff800ef68f348 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenIoCompletion                                                                                                                                                                                                                           fffff800ef877504 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenJobObject                                                                                                                                                                                                                              fffff800ef8bdec0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenKey                                                                                                                                                                                                                                    fffff800ef68f4d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenKeyEx                                                                                                                                                                                                                                  fffff800ef68ff34 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenKeyTransacted                                                                                                                                                                                                                          fffff800ef858f14 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenKeyTransactedEx                                                                                                                                                                                                                        fffff800ef70744c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenKeyedEvent                                                                                                                                                                                                                             fffff800ef8f1ab8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenMutant                                                                                                                                                                                                                                 fffff800ef68ea08 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenObjectAuditAlarm                                                                                                                                                                                                                       fffff800ef708ea4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenPartition                                                                                                                                                                                                                              fffff800ef8a1dd8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenPrivateNamespace                                                                                                                                                                                                                       fffff800ef6f9e4c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenProcess                                                                                                                                                                                                                                fffff800ef69bd90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenProcessToken                                                                                                                                                                                                                           fffff800ef69b71c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenProcessTokenEx                                                                                                                                                                                                                         fffff800ef69b730 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenResourceManager                                                                                                                                                                                                                        fffff800ef27e070 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwOpenSection                                                                                                                                                                                                                                fffff800ef68ec10 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenSemaphore                                                                                                                                                                                                                              fffff800ef705f78 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenSession                                                                                                                                                                                                                                fffff800ef7654a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenSymbolicLinkObject                                                                                                                                                                                                                     fffff800ef68e384 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenThread                                                                                                                                                                                                                                 fffff800ef69b388 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenThreadToken                                                                                                                                                                                                                            fffff800ef65af68 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenThreadTokenEx                                                                                                                                                                                                                          fffff800ef65af80 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenTimer                                                                                                                                                                                                                                  fffff800ef8e8df8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenTransaction                                                                                                                                                                                                                            fffff800ef27e078 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwOpenTransactionManager                                                                                                                                                                                                                     fffff800ef27e080 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwPlugPlayControl                                                                                                                                                                                                                            fffff800ef73dd54 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwPowerInformation                                                                                                                                                                                                                           fffff800ef731334 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwPrePrepareComplete                                                                                                                                                                                                                         fffff800ef27e088 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwPrePrepareEnlistment                                                                                                                                                                                                                       fffff800ef27e090 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwPrepareComplete                                                                                                                                                                                                                            fffff800ef27e098 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwPrepareEnlistment                                                                                                                                                                                                                          fffff800ef27e0a0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwPrivilegeCheck                                                                                                                                                                                                                             fffff800ef6a3a34 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwPrivilegeObjectAuditAlarm                                                                                                                                                                                                                  fffff800ef77cff0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwPrivilegedServiceAuditAlarm                                                                                                                                                                                                                fffff800ef7099ec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwPropagationComplete                                                                                                                                                                                                                        fffff800ef27e0a8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwPropagationFailed                                                                                                                                                                                                                          fffff800ef27e0b0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwProtectVirtualMemory                                                                                                                                                                                                                       fffff800ef64c4f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwPulseEvent                                                                                                                                                                                                                                 fffff800ef643774 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryAttributesFile                                                                                                                                                                                                                        fffff800ef68f150 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryBootEntryOrder                                                                                                                                                                                                                        fffff800ef8ed67c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryBootOptions                                                                                                                                                                                                                           fffff800ef8ed8e4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryDebugFilterState                                                                                                                                                                                                                      fffff800ef353ed0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryDefaultLocale                                                                                                                                                                                                                         fffff800ef6fc440 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryDefaultUILanguage                                                                                                                                                                                                                     fffff800ef780f28 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryDirectoryFile                                                                                                                                                                                                                         fffff800ef67f8a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryDirectoryObject                                                                                                                                                                                                                       fffff800ef6814f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryDriverEntryOrder                                                                                                                                                                                                                      fffff800ef8edbd8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryEaFile                                                                                                                                                                                                                                fffff800ef72aeac \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryEvent                                                                                                                                                                                                                                 fffff800ef6f292c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryFullAttributesFile                                                                                                                                                                                                                    fffff800ef68ee80 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationAtom                                                                                                                                                                                                                       fffff800ef6c350c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationEnlistment                                                                                                                                                                                                                 fffff800ef27e0b8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryInformationFile                                                                                                                                                                                                                       fffff800ef666c70 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationJobObject                                                                                                                                                                                                                  fffff800ef687880 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationPort                                                                                                                                                                                                                       fffff800ef89c630 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationProcess                                                                                                                                                                                                                    fffff800ef689b30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationResourceManager                                                                                                                                                                                                            fffff800ef27e0c0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryInformationThread                                                                                                                                                                                                                     fffff800ef689040 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationToken                                                                                                                                                                                                                      fffff800ef6725d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationTransaction                                                                                                                                                                                                                fffff800ef27e0c8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryInformationTransactionManager                                                                                                                                                                                                         fffff800ef27e0d0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryInformationWorkerFactory                                                                                                                                                                                                              fffff800ef48d3d4 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryInstallUILanguage                                                                                                                                                                                                                     fffff800ef705754 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryIntervalProfile                                                                                                                                                                                                                       fffff800ef75739c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryIoCompletion                                                                                                                                                                                                                          fffff800ef877614 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryKey                                                                                                                                                                                                                                   fffff800ef65c890 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryLicenseValue                                                                                                                                                                                                                          fffff800ef6d85cc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryMultipleValueKey                                                                                                                                                                                                                      fffff800ef705854 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryMutant                                                                                                                                                                                                                                fffff800ef70aba4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryObject                                                                                                                                                                                                                                fffff800ef6dd780 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryOpenSubKeys                                                                                                                                                                                                                           fffff800ef858ff4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryOpenSubKeysEx                                                                                                                                                                                                                         fffff800ef8591a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryPerformanceCounter                                                                                                                                                                                                                    fffff800ef6eb3e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryPortInformationProcess                                                                                                                                                                                                                fffff800ef8bb0f4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryQuotaInformationFile                                                                                                                                                                                                                  fffff800ef878aa0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySection                                                                                                                                                                                                                               fffff800ef6c2258 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySecurityAttributesToken                                                                                                                                                                                                               fffff800ef674ab0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySecurityObject                                                                                                                                                                                                                        fffff800ef68ddc0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySemaphore                                                                                                                                                                                                                             fffff800ef70bb64 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySymbolicLinkObject                                                                                                                                                                                                                    fffff800ef6ecdf8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySystemEnvironmentValue                                                                                                                                                                                                                fffff800ef8edee8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySystemEnvironmentValueEx                                                                                                                                                                                                              fffff800ef780270 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySystemInformation                                                                                                                                                                                                                     fffff800ef662c90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySystemInformationEx                                                                                                                                                                                                                   fffff800ef6fd75c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySystemTime                                                                                                                                                                                                                            fffff800ef2d9350 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryTimer                                                                                                                                                                                                                                 fffff800ef8e8e9c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryTimerResolution                                                                                                                                                                                                                       fffff800ef70cdf8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryValueKey                                                                                                                                                                                                                              fffff800ef65d0c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryVirtualMemory                                                                                                                                                                                                                         fffff800ef65a39c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryVolumeInformationFile                                                                                                                                                                                                                 fffff800ef68d510 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryWnfStateData                                                                                                                                                                                                                          fffff800ef69ee8c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryWnfStateNameInformation                                                                                                                                                                                                               fffff800ef704f98 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueueApcThread                                                                                                                                                                                                                             fffff800ef7008c8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueueApcThreadEx                                                                                                                                                                                                                           fffff800ef7008f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRaiseException                                                                                                                                                                                                                             fffff800ef3bf850 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRaiseHardError                                                                                                                                                                                                                             fffff800ef8ef7ec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReadFile                                                                                                                                                                                                                                   fffff800ef67efd0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReadFileScatter                                                                                                                                                                                                                            fffff800ef70b08c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReadOnlyEnlistment                                                                                                                                                                                                                         fffff800ef27e0d8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwReadRequestData                                                                                                                                                                                                                            fffff800ef89c6ec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReadVirtualMemory                                                                                                                                                                                                                          fffff800ef649188 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRecoverEnlistment                                                                                                                                                                                                                          fffff800ef27e0e0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRecoverResourceManager                                                                                                                                                                                                                     fffff800ef27e0e8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRecoverTransactionManager                                                                                                                                                                                                                  fffff800ef27e0f0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRegisterProtocolAddressInformation                                                                                                                                                                                                         fffff800ef27e238 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRegisterThreadTerminatePort                                                                                                                                                                                                                fffff800ef71247c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReleaseKeyedEvent                                                                                                                                                                                                                          fffff800ef70ad00 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReleaseMutant                                                                                                                                                                                                                              fffff800ef6e0860 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReleaseSemaphore                                                                                                                                                                                                                           fffff800ef6ea5a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReleaseWorkerFactoryWorker                                                                                                                                                                                                                 fffff800ef32ed70 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRemoveIoCompletion                                                                                                                                                                                                                         fffff800ef6ddf20 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRemoveIoCompletionEx                                                                                                                                                                                                                       fffff800ef6ff1d8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRemoveProcessDebug                                                                                                                                                                                                                         fffff800ef86d3d8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRenameKey                                                                                                                                                                                                                                  fffff800ef859468 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRenameTransactionManager
         
Den Rest des GMMER-Logs füge ich als Text-Datei an, sonst habe ich 50 Beiträge mehr.

Link zum Rest des Logs
https://drive.google.com/open?id=0Bx1u3DoFeTwiNFNodkRBWE1BbDA

Wo soll ich die TXT alternativ hochladen, wenn die Logs zu lang sind?
__________________

Geändert von dennissteins (05.03.2016 um 11:39 Uhr) Grund: ERGÄNZUNG

Alt 05.03.2016, 12:26   #4
dennissteins
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



FRST


FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016
durchgeführt von DennisSteins (Administrator) auf DESKTOP-8JAMQ99 (05-03-2016 11:46:23)
Gestartet von C:\Users\DennisSteins\Desktop
Geladene Profile: DennisSteins (Verfügbare Profile: DennisSteins)
Platform: Windows 10 Pro N Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Symantec Corporation) C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.5.4.24\NIS.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Symantec Corporation) C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe
(Symantec Corporation) C:\Program Files\Symantec.cloud\AntiVirus\ssDVAgent.exe
(Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.5.4.24\NIS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.5.4.24\NIS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\fvenotify.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Symantec Corporation) C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Users\DennisSteins\Desktop\NPE.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\Temp\21691C96-CD04-4DE4-A732-BD74F8E8CAE9\DismHost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SymantecPaui] => C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe [3398512 2015-09-17] (Symantec Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8500480 2015-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [SterJo NetStalker] => C:\Users\DennisSteins\AppData\Local\SterJo NetStalker\NetStalker.exe [797320 2015-08-05] (SterJo Software)
HKU\S-1-5-21-1588380176-3052337467-402927636-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10518528 2015-10-13] (SecureMix LLC)
HKU\S-1-5-21-1588380176-3052337467-402927636-1001\...\RunOnce: [*NPE] => C:\Users\DennisSteins\Desktop\NPE.exe [10079720 2016-02-28] (Symantec Corporation)
HKU\S-1-5-21-1588380176-3052337467-402927636-1001\...\MountPoints2: {81efb40b-e24f-11e5-a596-806e6f6e6963} - "D:\autorun.bat" 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  Keine Datei

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{f2489acc-71bf-49d0-abd5-65e78ca6e808}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\DennisSteins\AppData\Roaming\Mozilla\Firefox\Profiles\ritkosec.default
FF NetworkProxy: "type", 0
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-04] (Google Inc.)
FF Extension: BetterPrivacy - C:\Users\DennisSteins\AppData\Roaming\Mozilla\Firefox\Profiles\ritkosec.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-03-05]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\DennisSteins\AppData\Roaming\Mozilla\Firefox\Profiles\ritkosec.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-03-05]
FF Extension: NoScript - C:\Users\DennisSteins\AppData\Roaming\Mozilla\Firefox\Profiles\ritkosec.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-03-05]
FF Extension: AdBlock Ultimate - C:\Users\DennisSteins\AppData\Roaming\Mozilla\Firefox\Profiles\ritkosec.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-03-05]
FF Extension: Google search link fix - C:\Users\DennisSteins\AppData\Roaming\Mozilla\Firefox\Profiles\ritkosec.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2016-03-05]
FF Extension: uBlock Origin - C:\Users\DennisSteins\AppData\Roaming\Mozilla\Firefox\Profiles\ritkosec.default\Extensions\uBlock0@raymondhill.net.xpi [2016-03-05]
FF Extension: uBlock - C:\Users\DennisSteins\AppData\Roaming\Mozilla\Firefox\Profiles\ritkosec.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2016-03-05]
FF Extension: Adblock Plus - C:\Users\DennisSteins\AppData\Roaming\Mozilla\Firefox\Profiles\ritkosec.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-05]
FF Extension: Adblock Edge - C:\Users\DennisSteins\AppData\Roaming\Mozilla\Firefox\Profiles\ritkosec.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-03-05]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFPlgn [2016-03-05] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (NoScript Suite Lite) - C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnanjpbkghcdgmlchbcfoiefnifjeni [2016-03-05]
CHR Extension: (Google Drive) - C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-04]
CHR Extension: (YouTube) - C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
CHR Extension: (Norton Security Toolbar) - C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-03-04]
CHR Extension: (uBlock Origin) - C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-03-05]
CHR Extension: (Google-Suche) - C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-04]
CHR Extension: (uBlock) - C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2016-03-05]
CHR Extension: (ScriptBlock) - C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2016-03-05]
CHR Extension: (Norton Identity Safe) - C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-03-04]
CHR Extension: (UNOFFICIAL uBlock Beta) - C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjagjnchnnlgiafjjlahaedeagnmhefi [2016-03-05]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-04]
CHR Extension: (App Inspector for Sencha™) - C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbeapidedgdpniokbedbfbaacglkceae [2016-03-05]
CHR Extension: (Google Mail) - C:\Users\DennisSteins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.5.4.24\Exts\Chrome.crx [2016-03-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.5.4.24\Exts\Chrome.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8902144 2015-10-13] (SecureMix LLC)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-08-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 NIS; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.5.4.24\NIS.exe [282016 2015-10-05] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [313584 2015-08-07] (Realtek Semiconductor)
R2 SsPaAdm; C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe [191856 2015-09-17] (Symantec Corporation)
R2 ssPaSetMgr; C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe [138272 2015-09-17] (Symantec Corporation)
R2 ssSpnAv; C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe [456520 2016-01-27] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 BHDrvx64; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.5.4.24\Definitions\BASHDefs\20160213.003\BHDrvx64.sys [1665608 2016-02-12] (Symantec Corporation)
R1 ccSet_Cloud; C:\Windows\SysWOW64\Drivers\Symantec.cloud\ccSetx64.sys [167072 2015-09-17] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605040.018\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-02-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-04] (Symantec Corporation)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
R1 IDSVia64; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.5.4.24\Definitions\IPSDefs\20160304.001\IDSvia64.sys [767224 2016-03-04] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-07-10] (Intel Corporation)
R3 NAVENG; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.5.4.24\Definitions\VirusDefs\20160304.020\ENG64.SYS [138488 2016-02-04] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.5.4.24\Definitions\VirusDefs\20160304.020\EX64.SYS [2148080 2016-02-04] (Symantec Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-17] (Realtek                                            )
R1 SMR501; C:\Windows\System32\drivers\SMR501.SYS [111288 2016-03-05] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605040.018\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605040.018\SYMEFASI64.SYS [1620720 2015-09-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605040.018\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-03-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605040.018\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

========================== MD5 Treiber =======================

C:\Windows\System32\drivers\1394ohci.sys DF1C3D7E6C7929AD83BE22852B5B08CB
C:\Windows\System32\drivers\3ware.sys 2C5B3035B86770ADD2FE9BFBAF5B35A4
C:\Windows\System32\drivers\ACPI.sys 6B6C39AB2CD7BEB6CFF624522E5449DE
C:\Windows\System32\Drivers\acpiex.sys 7EADED8087C392876521F7EBCE846EF4
C:\Windows\System32\drivers\acpipagr.sys C498887123327CDFD73A05E7A2780920
C:\Windows\System32\drivers\acpipmi.sys C8DBE6EFFCF014CAA010B9BDDAC833EC
C:\Windows\System32\drivers\acpitime.sys 17039DBEB3B7B9ADCDB4B4533AA9771F
C:\Windows\System32\drivers\ADP80XX.SYS F7D0CD345D2DA42E7042ABCD73662403
C:\Windows\system32\drivers\afd.sys F71FCE3C16F5B15FDD84580AA067C749
C:\Windows\System32\drivers\agp440.sys 870F1A2C936F92B5D053DF7EC75B352F
C:\Windows\System32\DRIVERS\ahcache.sys 3DF7751D5DC6525E7DC6617FBB45054F
C:\Windows\System32\drivers\amdk8.sys B70F0F2F54B4A4DB6E9C830454752F5A
C:\Windows\System32\drivers\amdppm.sys 35E890482C9728DD5C552B85DA8A5AB2
C:\Windows\System32\drivers\amdsata.sys 5B30BCFE6E02E45D3EE268FF001BC5E0
C:\Windows\System32\drivers\amdsbs.sys F20B30F35A5C7888441B4DCA001ECF8E
C:\Windows\System32\drivers\amdxata.sys AFE838D7576C581D6483529621AB10CC
C:\Windows\System32\drivers\appid.sys 2BBD3A492B93C7E669D01EE88977D7DE
C:\Windows\System32\drivers\arcsas.sys E3FE8F610B1CC12BC3B2E6BC43DC97E2
C:\Windows\System32\drivers\asyncmac.sys 5E00748A1AD246CAECBBB7553BED36CC
C:\Windows\System32\drivers\atapi.sys 492B99D2E3D5D7BFD5F0AE1BE7BD37DD
C:\Windows\System32\drivers\bxvbda.sys 6447BA6FA709514B6C803D159B4C7D1E
C:\Windows\System32\drivers\BasicDisplay.sys B4AC08B1D04D0CE085435E5CD0E663C5
C:\Windows\System32\drivers\BasicRender.sys 25B5BB369DEE2BAE4BF459C978FF9035
C:\Windows\System32\drivers\bcmfn.sys 3F5523DCEFE42B385659C5CB46A6B810
C:\Windows\System32\drivers\bcmfn2.sys 0B750A6A6D847E73CA48ADD7A0F5A393
C:\Windows\System32\Drivers\Beep.sys 5A88834AEE15D97695FAE0837B73B3E4
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.5.4.24\Definitions\BASHDefs\20160213.003\BHDrvx64.sys 9CF4428D09C73B6F633AF9E58B835689
C:\Windows\System32\DRIVERS\bowser.sys DA2C6F7ACE392193C424FEA975C5BFFB
C:\Windows\System32\drivers\BthAvrcpTg.sys CAEC7BC11AF69A181AF7932E636E09E4
C:\Windows\System32\drivers\bthhfenum.sys 5F2B4B32E986C058525D3BA2A475A16C
C:\Windows\System32\drivers\BthHFHid.sys 5406289E8AE2CB52FC408154E0A64BA7
C:\Windows\System32\drivers\bthmodem.sys A76F20CCCA31895A1DA78A875E50F946
C:\Windows\System32\drivers\buttonconverter.sys BF89BDBA5D3A0B4256D3F6FC8D31880D
C:\Windows\System32\drivers\capimg.sys 72F5000354C73B0603F4B7D32371DA61
C:\Windows\SysWOW64\Drivers\Symantec.cloud\ccSetx64.sys C6338DA08B6FD43D860B1EC609126FF8
C:\Windows\system32\drivers\NISx64\1605040.018\ccSetx64.sys 5A1C7DBDDB001BC6F1D1720E655445E2
C:\Windows\System32\DRIVERS\cdfs.sys 7F9C7226D743B232907ED2537B8A574F
C:\Windows\System32\drivers\cdrom.sys 82D97776BF982AA143BDC7DFB5054EA8
C:\Windows\System32\drivers\circlass.sys 0505C1D991D0F9D47F3353BB98597C7E
C:\Windows\System32\drivers\CLFS.sys 8B4B39C507ABA09AAFE8E3932D1B392C
C:\Windows\System32\drivers\CmBatt.sys 95832B049E2833B9F5189823CDF946C7
C:\Windows\System32\Drivers\cng.sys 9F2AE73C6D42BA8573F8BF5E6860D5B8
C:\Windows\System32\DRIVERS\cnghwassist.sys 58D640BC2294C71BDE0953F12D4B432F
C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys 14F9883588398A1BDE49C75098C75DE6
C:\Windows\System32\drivers\condrv.sys 02B8E49148DE5E0A2F6FDF28CE94A6AC
C:\Windows\System32\drivers\csc.sys 5D578EAAFB6FD4F59523E5878B541296
C:\Windows\System32\drivers\dam.sys 2619DC483579DB9FE804044C1ADFFD1A
C:\Windows\System32\Drivers\dfsc.sys C9478D7DB7BE5D7ACE65CB1167F07320
C:\Windows\System32\drivers\disk.sys 4904B152E4942BF700F2D73228B4D477
C:\Windows\System32\drivers\dmvsc.sys 0197AE4B9790A4E73751CACFAA480126
C:\Windows\system32\DRIVERS\drmkaud.sys 25FA06D3B49D6ADF8E874FFCDCD76B50
C:\Windows\System32\drivers\dxgkrnl.sys A2512BC5F2ABD84D8B3CB0D76ADB749A
C:\Windows\System32\drivers\evbda.sys 491275B864B704B54EC08168344E0F38
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys DB817375F4D6D3F2556DE7777775D885
C:\Windows\System32\drivers\EhStorClass.sys CEF108FCE06892CFA5F1B49527D4BF49
C:\Windows\System32\drivers\EhStorTcgDrv.sys 5B1EAAE3001A7A320C106FC3859F4111
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys A47F76D4AAFD6193AAC5E049C560213D
C:\Windows\System32\drivers\errdev.sys 7A2705148A4BB3CA255F81624338B461
C:\Windows\System32\Drivers\exfat.sys DFE8A33FBCF6F38182631A4D6097B92D
C:\Windows\System32\Drivers\fastfat.sys 03DE0EC072C5EBD5B018CAD83F1E522A
C:\Windows\System32\drivers\fdc.sys 9D299AE86D671488926126A84DF77BFD
C:\Windows\System32\drivers\filecrypt.sys 8F12AB59336143B680F71B217B495AD2
C:\Windows\System32\drivers\fileinfo.sys 92ECCFA58C8195B8EA33ED942469D4E6
C:\Windows\System32\drivers\filetrace.sys 87C51FDD50C17882BA93E28BBABB9847
C:\Windows\System32\drivers\flpydisk.sys E99261DD76D1C9E05AF575939CAE5AC5
C:\Windows\System32\drivers\fltmgr.sys 25D7A58625E1453E40D36825DE74E4F1
C:\Windows\System32\drivers\FsDepends.sys B4175E8BE60B099686FF55CA7D692316
C:\Windows\System32\Drivers\Fs_Rec.sys CC71372CEB811A72F1DC99089C5CBF53
C:\Windows\System32\DRIVERS\fvevol.sys 421497634C86EF4B8F86D0EBC076728F
C:\Windows\System32\drivers\gagp30kx.sys B9981A4CB9F728B3312A3885BFAA7204
C:\Windows\System32\drivers\vmgencounter.sys 77555B11B264991DDC26872FFCF1AB97
C:\Windows\System32\drivers\genericusbfn.sys F3AC9652D88BF87BA6596CBEA28CE10F
C:\Windows\System32\Drivers\msgpioclx.sys F802FBABF0C4DF1BAA733187B2E476F5
C:\Windows\System32\drivers\gpuenergydrv.sys D011B0ADB15F4815310CE1BF4780B33E
C:\Windows\system32\DRIVERS\gwdrv.sys 77621A3DF170D246DC744CD0767BFAB3
C:\Windows\system32\DRIVERS\HdAudio.sys 0F93EBE9071A6BB1548BF0F816EEA24B
C:\Windows\System32\drivers\HDAudBus.sys 84BC034B6BB763733C1949B7B9BAF976
C:\Windows\System32\drivers\HidBatt.sys 6B8CB114B8E64C0636EB49F7B914D1FC
C:\Windows\System32\drivers\hidbth.sys D1AD197CCDAAC0CB4819DA1D6EB17BAE
C:\Windows\System32\drivers\hidi2c.sys 64909DECCFCC6FB5D9A5BAFDCCB31FEE
C:\Windows\System32\drivers\hidinterrupt.sys F510F7B7BF61DEAAC04E65C3B65E8D59
C:\Windows\System32\drivers\hidir.sys 90F3ED42D423C942BA5EA54E2FFE7AC7
C:\Windows\System32\drivers\hidusb.sys 128DEDDD61915DBA4D451D91D21F0513
C:\Windows\System32\drivers\HpSAMD.sys FF442DCDCE1F6E9FAA9C8AD0CD1D199B
C:\Windows\System32\drivers\HTTP.sys A403DAE4B083EB96BC6CEDB47639B4F8
C:\Windows\System32\drivers\hwpolicy.sys CBA5E88A0F0475B7F49653BB72150BEF
C:\Windows\System32\drivers\hyperkbd.sys D668FAB4B0397B426EE3D41683B9A1C0
C:\Windows\System32\drivers\i8042prt.sys 53FDD9E69189E546DE4740F8C4D8AB2F
C:\Windows\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD
C:\Windows\System32\drivers\iaLPSS2i_I2C.sys 59A20F5AD9F4AE54098154359519408E
C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\Windows\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\Windows\System32\drivers\iaStorAV.sys 6B0029A0253098CCE28EACCFDB9E7208
C:\Windows\System32\drivers\iaStorV.sys 9652E1E35A92D8C75710C17A63B15796
C:\Windows\System32\drivers\ibbus.sys FFADF691F7BF727AF5C863454A372723
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.5.4.24\Definitions\IPSDefs\20160304.001\IDSvia64.sys 3448DB2B812AA873ED6E5D609B1DB067
C:\Windows\system32\DRIVERS\igdkmd64.sys 8BEA7EDDCDBFC511B1DBCDD3FAD4A42B
C:\Windows\system32\drivers\RTKVHD64.sys 828457B6E98CD512A68CC80F3DF41F70
C:\Windows\System32\drivers\intelide.sys ECDB27420D3A98424666904525A8562A
C:\Windows\System32\drivers\intelpep.sys 8FF1978643EFD219C5BA49690191D701
C:\Windows\System32\drivers\intelppm.sys B61B60F36E1C8022FA8166ABF0F66B07
C:\Windows\System32\drivers\ioqos.sys CA0D42029AFFC4514D295E1EF823D02D
C:\Windows\System32\DRIVERS\ipfltdrv.sys 6E3F9D95235DFC9417384080A216F310
C:\Windows\System32\drivers\IPMIDrv.sys 4F527ECB5EAB47D8EAF34A469666C469
C:\Windows\System32\drivers\ipnat.sys 9E5E8F2A1996F23B7E9687846AA81B01
C:\Windows\System32\drivers\irenum.sys C317EB660138BC9CBFE37CCDE56351AE
C:\Windows\System32\drivers\isapnp.sys 531994A6D9399D9B74BE12B5BB58A81E
C:\Windows\System32\drivers\msiscsi.sys 68D5354A4A9692EEC24664C60F47D4A2
C:\Windows\System32\drivers\kbdclass.sys 701D7DB13B0815E7076EF4CB4CE981F8
C:\Windows\System32\drivers\kbdhid.sys 884EBBDDBF5968003B40185BD96FF0E6
C:\Windows\System32\drivers\kdnic.sys 6B3A0C7902811E6372643447E41F7048
C:\Windows\System32\Drivers\ksecdd.sys 982C795DE20CED7AEDD2E7899B5D9BC1
C:\Windows\System32\Drivers\ksecpkg.sys 903E6E28309F1566E58BCBD43F46C010
C:\Windows\system32\drivers\ksthunk.sys E9BB0023D730701BB5D9839B44F5E6B5
C:\Windows\System32\drivers\lltdio.sys EC34EED89C34B27C292166B725AC7A7B
C:\Windows\System32\drivers\lsi_sas.sys 961F28D879D345BFA50AF51285C90F2E
C:\Windows\System32\drivers\lsi_sas2i.sys 6BFB8D1B3407518BE06B6F81F92FA0F5
C:\Windows\System32\drivers\lsi_sas3i.sys BE0E47988D78F731DEC2C0CB03E765CB
C:\Windows\System32\drivers\lsi_sss.sys F99BF02BE9219986817BF094981EEB18
C:\Windows\system32\drivers\luafv.sys 2FCF837196082864F66CFD9CAB256275
C:\Windows\System32\drivers\megasas.sys 2ED29B635F35E31A1C0D3DDB7DD2AD03
C:\Windows\System32\drivers\megasr.sys 22E3CB85870879CBAE13C5095A8B12E3
C:\Windows\System32\drivers\TeeDriverW8x64.sys E7C9F74D8CAAB1FF7964C27C070FB16C
C:\Windows\System32\drivers\mlx4_bus.sys D41920FBFFF2BBCBBC69A5B383AD022E
C:\Windows\system32\drivers\mmcss.sys 64BD0C87064EA20C2D3DC4199F9C239C
C:\Windows\System32\drivers\modem.sys 8D4B46FA84A3A3702EDADD37FAC6EDBA
C:\Windows\System32\drivers\monitor.sys 78FEC1BDB168370F131BFBFEA0A04E9D
C:\Windows\System32\drivers\mouclass.sys D1CC0833CFBC4222A95CAA5D0C8C78FF
C:\Windows\System32\drivers\mouhid.sys C2E05EC6B80BCF5AE362DA873E1BCE64
C:\Windows\System32\drivers\mountmgr.sys D5B7668A8F6C67C51FA5C6C513396D6C
C:\Windows\System32\drivers\mpsdrv.sys 5FBCB85D127BE21E3A9DAF11A13C00EA
C:\Windows\system32\drivers\mrxdav.sys 37C9EC0398BFC22C616711E41AE157D5
C:\Windows\System32\DRIVERS\mrxsmb.sys 61F9F27A8C3D7BCD287FE98A440421CE
C:\Windows\System32\DRIVERS\mrxsmb10.sys CCAD845F4D21D0E0E0468205EE865473
C:\Windows\System32\DRIVERS\mrxsmb20.sys 0F47A6C09F0A7FB5513D322A2B9BE4EC
C:\Windows\System32\drivers\bridge.sys A934DF064C503A31683DD7EECDBD327A
C:\Windows\System32\Drivers\Msfs.sys D123343DDB02E372B02BF2C4293F835F
C:\Windows\System32\drivers\msgpiowin32.sys B3358F380BA3F29F56BE0F7734C24D5F
C:\Windows\System32\drivers\mshidkmdf.sys B2044D5D125F249680508EC0B2AAEFAC
C:\Windows\System32\drivers\mshidumdf.sys 36ABE7FC80BED4FE44754AE5CFB51432
C:\Windows\System32\drivers\msisadrv.sys 59307FEAFC9E72EEEC56B7FD7D294F4C
C:\Windows\system32\DRIVERS\MSKSSRV.sys E9457EDFEBC774199F907395C6D09CA2
C:\Windows\System32\drivers\mslldp.sys C85D79735641D27C5821C35ECDDC2334
C:\Windows\system32\DRIVERS\MSPCLOCK.sys EF75184B64356850D0F04D049C253526
C:\Windows\system32\DRIVERS\MSPQM.sys 543933D166C618E7588EA77707EC1683
C:\Windows\System32\Drivers\MsRPC.sys 182711E9DDF70121A20EBB61B2DFB9E8
C:\Windows\System32\drivers\mssmbios.sys E887FFDD6734C496407E9219225CB6FF
C:\Windows\system32\DRIVERS\MSTEE.sys 83A2AB75951000D681FABDB80C07AEFC
C:\Windows\System32\drivers\MTConfig.sys 4FA0483896FC16583851EFB733FCB083
C:\Windows\System32\Drivers\mup.sys 60F88248608315E13391C2F1C3B4473F
C:\Windows\System32\drivers\mvumis.sys 218705233D02776AE4D19CC37D985C1B
C:\Windows\System32\DRIVERS\nwifi.sys 536A0806CE2061A2157E65D4D8ABF30C
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.5.4.24\Definitions\VirusDefs\20160304.020\ENG64.SYS FE7B38240E86075E6BC5953496B5C2F1
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.5.4.24\Definitions\VirusDefs\20160304.020\EX64.SYS C002FA84570CA35F704ACF0AC4A5EAB0
C:\Windows\System32\drivers\ndfltr.sys B57CE307DA101C739885B7CC0678077F
C:\Windows\System32\drivers\ndis.sys AFAECF904F1C343EBD50F91BC8D0DBE8
C:\Windows\System32\drivers\ndiscap.sys 202260E7CDD731A32AF62ABD1ABEE008
C:\Windows\System32\drivers\NdisImPlatform.sys A1D473D0CF10561F29B58EA7C5412A92
C:\Windows\System32\DRIVERS\ndistapi.sys 1A0AE283B8DE6BB76412A0F8213D45AC
C:\Windows\System32\drivers\ndisuio.sys A74EE2D2C0BFF5EC3A6185791868C4CA
C:\Windows\System32\drivers\NdisVirtualBus.sys 32A9BD1342640D48AD85C8B3E812B984
C:\Windows\System32\drivers\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057
C:\Windows\System32\DRIVERS\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057
C:\Windows\System32\DRIVERS\NDProxy.sys 50AEF8EF0064A91ABB08D858D039C9DE
C:\Windows\System32\drivers\Ndu.sys D358DF634F52247CB43F0781218F4D6E
C:\Windows\System32\drivers\netbios.sys 026618ECF6C4BEBDCB7885D42EC0DBE4
C:\Windows\System32\DRIVERS\netbt.sys F51C02D992A8D6BC5EC4D990F227D4C7
C:\Windows\System32\Drivers\Npfs.sys 465DC580170CD844206D7E3EF1DBF2A1
C:\Windows\System32\drivers\npsvctrig.sys 29395C214D2CD4C81F73166AB988A797
C:\Windows\System32\drivers\nsiproxy.sys 2871225495F832A8C8A7DD1A17EDB3DC
C:\Windows\System32\Drivers\NTFS.sys F6A2D0EC594A1039B0F9D42BB8EC0BD3
C:\Windows\System32\Drivers\Null.sys 6DBD703320484C37CEA9E4E2D266A8CE
C:\Windows\System32\drivers\nvraid.sys 604D27CC38CC23493F218D0BB834B3FF
C:\Windows\System32\drivers\nvstor.sys 8B50D897657AB4A15FD9E251BBF7D107
C:\Windows\System32\drivers\nv_agp.sys 31F990B2B6B91E9D7A667405CE12FCB1
C:\Windows\System32\drivers\parport.sys 7D0FC96264C0F8F2C1321E33E8EB646C
C:\Windows\System32\drivers\partmgr.sys 24AC0FD10325FBC2303B29A5F237AEB0
C:\Windows\System32\drivers\pci.sys 1D4E995955BDAE781C46CB97AE1CFB58
C:\Windows\System32\drivers\pciide.sys 2B4D98DF0CA57FB9536DBC80D2449D1F
C:\Windows\System32\drivers\pcmcia.sys F4D5793BF2E58AF15C6CF2FEEF9E73EB
C:\Windows\System32\drivers\pcw.sys 22A53744CEEADFFFD33BA010FAD95229
C:\Windows\System32\drivers\pdc.sys 48F3A3222CF340FE31535CB6D49C6D6F
C:\Windows\System32\drivers\peauth.sys E2F8376F9731D12A009C522036C6073A
C:\Windows\System32\drivers\percsas2i.sys 1398A85E59698067CBBE1D66A9C13ADF
C:\Windows\System32\drivers\percsas3i.sys 35F7C7AD709D909D618D9EDF987FC3ED
C:\Windows\System32\drivers\raspptp.sys 5BA6B9AD03B81546BA64E488C4EF9D17
C:\Windows\System32\drivers\processr.sys 21AECFF3EB5748CBE12538A2500EFDE5
C:\Windows\System32\drivers\pacer.sys 596FB6C5A72F34B7566930985E543806
C:\Windows\system32\drivers\qwavedrv.sys CFBA9C976CBF6796E5DC39EF59984021
C:\Windows\System32\DRIVERS\rasacd.sys 7B2AD8C55217B514C14281AB97B4E21D
C:\Windows\System32\drivers\AgileVpn.sys E15A9CE1E2E7D1C8DF97A4FC1FFE6289
C:\Windows\System32\drivers\rasl2tp.sys 381B8F2311A0375676B635EA5E7C8AB0
C:\Windows\System32\DRIVERS\raspppoe.sys 3369023EB5790A75BA7DABA14B75D922
C:\Windows\System32\drivers\rassstp.sys 1E32A8CD65C4AD0A827CFEB13034DA29
C:\Windows\System32\DRIVERS\rdbss.sys 2B648363E4C5E34B469C58596F377DD9
C:\Windows\System32\drivers\rdpbus.sys D0221C13960E274CC539D72D5A842ED0
C:\Windows\System32\drivers\rdpdr.sys 1DC2CC74B51E4DC4CD5A20C1021E4010
C:\Windows\System32\drivers\rdpvideominiport.sys 177DF954D0DEC0465A380C75F6E7F65F
C:\Windows\System32\drivers\rdyboost.sys 5D1680871054D2B0B8A971BC8AB3B837
C:\Windows\System32\Drivers\ReFSv1.sys 341E6830DA70F65730300DAB4CB0B490
C:\Windows\System32\drivers\rspndr.sys 0AC5FCDC29ED97ECDEF1276425EE2059
C:\Windows\System32\drivers\rt640x64.sys 12A3D1530E3F67B8664EBA923A3981E4
C:\Windows\System32\drivers\vms3cap.sys 044890BB0D6CF1E23C1087234D320509
C:\Windows\System32\drivers\sbp2port.sys 530F797129776AA7E81994783A97E2AD
C:\Windows\System32\DRIVERS\scfilter.sys 9B6B1D4DB35A3D9BEAF023BC95E1F49D
C:\Windows\System32\drivers\sdbus.sys E1137E39C3BB3EF9AF2243745D901D60
C:\Windows\System32\drivers\sdstor.sys 6A7F720BB322F8471FB40F42DD201290
C:\Windows\System32\drivers\SerCx.sys 67585C295FF2D221679E376B68893B35
C:\Windows\System32\drivers\SerCx2.sys B8C4852CBCAAC1374C08EC7445443824
C:\Windows\System32\drivers\serenum.sys D3A103944A8FCD78FD48B2B19092790C
C:\Windows\System32\drivers\serial.sys 88D58E1DAA6C5062DD3A26273106961F
C:\Windows\System32\drivers\sermouse.sys 0F5B43074AE731D2C6F061241C9D84A6
C:\Windows\System32\drivers\sfloppy.sys D9FE59276BD56A9643C32D5FACE2F251
C:\Windows\System32\drivers\SiSRaid2.sys ABBE803FE0BDAE0E5BE74DDEFBE62F23
C:\Windows\System32\drivers\sisraid4.sys 6043DF55CFE3C7ACF477645FA64DEA98
C:\Windows\System32\drivers\SMR501.SYS F1EF22A6A458E04F7153C0595EAB7C7B
C:\Windows\System32\drivers\spaceport.sys 1A6CB30F0EFC1632E6F1B852CA892583
C:\Windows\System32\drivers\SpbCx.sys E1C158F6C00359278727A2CEE5D2ED71
C:\Windows\system32\drivers\NISx64\1605040.018\SRTSP64.SYS BFA32A566B958EF5A1D6383F3CB03AA2
C:\Windows\system32\drivers\NISx64\1605040.018\SRTSPX64.SYS BA2ABBEA69BD1866C973DE11CB0CE9F8
C:\Windows\System32\DRIVERS\srv.sys ACC1709EC7FE6EB8999DBC91C50C2B34
C:\Windows\System32\DRIVERS\srv2.sys AFBCFC946FAE7483E27BD316D03F94A5
C:\Windows\System32\DRIVERS\srvnet.sys 107C1EBE79710E4A759449BD6604245A
C:\Windows\System32\drivers\stexstor.sys CCDA497C880AD16D87EDFAEFCFB2EDF5
C:\Windows\System32\drivers\storahci.sys BF8EA6FC3358C2F69678E3E94F764F84
C:\Windows\System32\drivers\vmstorfl.sys 32FF460DA8C1F370F5C08B7654899B73
C:\Windows\System32\drivers\stornvme.sys CC21DB3EF619B9480FE31A4EFE92CBEB
C:\Windows\System32\drivers\storqosflt.sys 390B8A75768E2689586539C224520895
C:\Windows\System32\drivers\storufs.sys 770A92D9D3A0BF61C97C3AFCB36847D9
C:\Windows\System32\drivers\storvsc.sys 736A2418E3E7F3DB3CF6EB0A55D1D581
C:\Windows\System32\drivers\swenum.sys BD98B0225BCD49E8A62F4F8EE1D1F613
C:\Windows\System32\drivers\NISx64\1605040.018\SYMEFASI64.SYS C9EC22D5B3C6B32A7C8B4A73870A7379
C:\Windows\System32\drivers\NISx64\1605040.018\SymELAM.sys 1DE0CBF15AC67AE0E5B456ADEFB89493
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 6DF8F618B93C821630C9BAA8DA3FAAAF
C:\Windows\system32\drivers\NISx64\1605040.018\Ironx64.SYS 0891E59A27208B9B727BAB863B853E80
C:\Windows\system32\drivers\NISx64\1605040.018\SYMNETS.SYS 751C968945EFD42469FE52D6CE384196
C:\Windows\System32\drivers\Synth3dVsc.sys CAE4B27B469C583131EA5AAE622F5D76
C:\Windows\System32\drivers\tcpip.sys 892F30506DCCF230C5A57019C1D8D31B
C:\Windows\System32\drivers\tcpip.sys 892F30506DCCF230C5A57019C1D8D31B
C:\Windows\System32\drivers\tcpipreg.sys 17F37EC9042D84561C550620643D9A85
C:\Windows\system32\DRIVERS\tdx.sys E94274E6E163B63A12A5242CC8D0B39D
C:\Windows\System32\drivers\terminpt.sys E730D0EB1B84EBC98423FC8D285EDBC0
C:\Windows\System32\drivers\tpm.sys 169B0A246067457FEF8A18EED7EED9D5
C:\Windows\System32\drivers\tsusbflt.sys 48E828C66AB016E48F2CB4DD585315FD
C:\Windows\System32\drivers\TsUsbGD.sys 267C76EE60736EA5A1811A53FA02AABE
C:\Windows\System32\drivers\tunnel.sys 8CE72F094B822AD5EE9C3A3AFC0C16B6
C:\Windows\System32\drivers\uagp35.sys 42C546414F80BD6C0137FC3A106F8A69
C:\Windows\System32\drivers\uaspstor.sys 1686DBC81748B096232B15F16C302985
C:\Windows\System32\Drivers\UcmCx.sys 3995CC3DEDED258768B8EBC2F4C0DC73
C:\Windows\System32\drivers\UcmUcsi.sys 1C95F7CE37D9EFB90EBE987A9712356C
C:\Windows\System32\drivers\ucx01000.sys AED081772091C98173905E2DF28C223B
C:\Windows\System32\drivers\udecx.sys DCA34A111C29E4578DF2B8CEA3C7CDBD
C:\Windows\System32\DRIVERS\udfs.sys 718A956AE00CE086F381044AB66CC29C
C:\Windows\System32\drivers\UEFI.sys BA760F8E66428BA9FF1E8BFBC6248136
C:\Windows\System32\drivers\ufx01000.sys 5F0D997E6FC5A418D7673148CEF72887
C:\Windows\System32\drivers\UfxChipidea.sys 2B1DABA97DDF5365FC66EE7DEDD86A13
C:\Windows\System32\drivers\ufxsynopsys.sys DB630FC660443D63EBAB2C830C298EFE
C:\Windows\System32\drivers\uliagpkx.sys 6DE78C04BF32ECA7AF3064F53687C9A5
C:\Windows\System32\drivers\umbus.sys 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4
C:\Windows\System32\drivers\umpass.sys 11680607944A719EF20E0E740785712A
C:\Windows\System32\drivers\urschipidea.sys 2410A0C20D21A25E6C01979FA886BE90
C:\Windows\System32\drivers\urscx01000.sys 6E59CE43B6BA5AA1ADCF36A4DBBB92BB
C:\Windows\System32\drivers\urssynopsys.sys E8A59FA109A22FC07E44BDFCC9727DBD
C:\Windows\System32\drivers\usbccgp.sys D8A44550ECE102B6443F5D54DCE7DAB3
C:\Windows\System32\drivers\usbcir.sys 66B3D22DAB5312FF238ABF5C6D9F8FAB
C:\Windows\System32\drivers\usbehci.sys 3E4F20DB902D2E2914F3FF3DB9772200
C:\Windows\System32\drivers\usbhub.sys 41F7F00D76904416EF1F9EFA1A4C37A2
C:\Windows\System32\drivers\UsbHub3.sys 12A0B486EA13DF46C27B90CC2CE92FE5
C:\Windows\System32\drivers\usbohci.sys DAB35CCA86F5FBE77D870A40089BC4A1
C:\Windows\System32\drivers\usbprint.sys 21162F65C7756AAECAEBED9E67D0A5FE
C:\Windows\System32\drivers\usbser.sys CA6369870F91F3D367D26278E0AD0DDF
C:\Windows\System32\drivers\USBSTOR.SYS 37C2CD8587BF7F785381EB7B26916B52
C:\Windows\System32\drivers\usbuhci.sys 8B3E458A8851F9A3B2109B1680EE1159
C:\Windows\System32\drivers\USBXHCI.SYS 325727F01F03C504CF788618A13DC266
C:\Windows\system32\DRIVERS\VBoxDrv.sys 56A40C50DACA4B2A8FE575719A80FFEF
C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys BAA1E8628FB937117BC414729518FDB0
C:\Windows\system32\DRIVERS\VBoxNetLwf.sys C4E3F166FCC152D688AB442EF424A64A
C:\Windows\system32\DRIVERS\VBoxUSBMon.sys FC36273AADBF4F4EC8F9CA1672E792FE
C:\Windows\System32\drivers\vdrvroot.sys E1BE37312785A71862516F66B3FD24CE
C:\Windows\System32\drivers\VerifierExt.sys E42C0F2850735FF9D908B9DB581E6314
C:\Windows\System32\drivers\vhdmp.sys EC15FD6A28757793E2DA394CD94ABD52
C:\Windows\System32\drivers\vhf.sys D0C9632C350F46786643A069251BC249
C:\Windows\System32\drivers\vmbus.sys E886CB75DA2B6EB35469EF10135624C7
C:\Windows\System32\drivers\VMBusHID.sys 46D2EC27820EC0F798F85821E53C2942
C:\Windows\System32\drivers\volmgr.sys B9265F47E7A354BAAA0AF5CBA3F8F7CE
C:\Windows\System32\drivers\volmgrx.sys BEE9C8B72AB752B794F69C2B9B3678AA
C:\Windows\System32\drivers\volsnap.sys E1F91A727A04C9F8199D04FF3BBBF63C
C:\Windows\System32\drivers\vpci.sys F7B1B1101271E31F43CC76E890704F51
C:\Windows\System32\drivers\vsmraid.sys D48ED0A08BD2FD25A833E6AC99623091
C:\Windows\System32\drivers\vstxraid.sys 6990D4AFDF545669D4E6C232F26DE1FB
C:\Windows\System32\drivers\vwifibus.sys 1EE11F0508C58EF081F4176E66D6970B
C:\Windows\System32\drivers\vwififlt.sys 938E4EF58E42D252B742B0E243011B90
C:\Windows\System32\drivers\wacompen.sys 00C27B64C758C111E5D78A70DE6CA2B6
C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491
C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491
C:\Windows\system32\drivers\WdBoot.sys 069D3D6E20AD753B34FCE856F0436869
C:\Windows\System32\drivers\Wdf01000.sys 6CC727E94CD84E9720FDCDA8089CABCC
C:\Windows\system32\drivers\WdFilter.sys E3E97151A1D1E87BB2D5371F66C5F169
C:\Windows\System32\DRIVERS\wdiwifi.sys E70DDD8E2245CC67547B0861983912D8
C:\Windows\System32\Drivers\WdNisDrv.sys 07B043160399AF4009054E2EA3464BF4
C:\Windows\System32\drivers\wfplwfs.sys C11272713719922DE5711094333BD166
C:\Windows\System32\drivers\wimmount.sys 413093D680826762AC809D0B65E17BE5
C:\Windows\System32\drivers\WindowsTrustedRT.sys D8966A76408107224C6013993135DD78
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 8B102A7B6CE326FD4208CC7C2D183343
C:\Windows\System32\drivers\winmad.sys 4A53441C1C4D2878BEF27E381138BB2D
C:\Windows\System32\drivers\WinUSB.SYS 260907CE034FE327AC99BDA4153AB22F
C:\Windows\System32\drivers\winverbs.sys 40A3E8D729F458B2C9A8BD9380FF83D5
C:\Windows\System32\drivers\wmiacpi.sys 8F010BF65238F3F822D22BA12831796E
C:\Windows\System32\Drivers\Wof.sys 2A9650FCC696DB28E45EA8B33B99B8E6
C:\Windows\System32\DRIVERS\wpcfltr.sys 22C52D7EE7C7D0E02C8EFD8CAE8E3A71
C:\Windows\system32\drivers\ws2ifsl.sys 638B43D39A3D0B47024555CF1095E6F1
C:\Windows\System32\drivers\WudfPf.sys A928F25CB62232F413EE655352856E10
C:\Windows\System32\drivers\WudfRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
C:\Windows\System32\drivers\xboxgip.sys 80BC02A73A3949A7AEF34791206C7D7F
C:\Windows\System32\drivers\xinputhid.sys 1F1EF8E701859581251B52035C1C1CEF

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Drei Monate: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-05 11:46 - 2016-03-05 11:46 - 00041902 _____ C:\Users\DennisSteins\Desktop\FRST.txt
2016-03-05 11:44 - 2016-03-05 11:45 - 02374144 _____ (Farbar) C:\Users\DennisSteins\Desktop\FRST64.exe
2016-03-05 11:03 - 2016-03-05 11:43 - 00000530 _____ C:\Windows\system32\Drivers\SMR501.dat
2016-03-05 11:03 - 2016-03-05 11:03 - 00111288 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR501.SYS
2016-03-05 01:48 - 2016-03-05 01:48 - 00001225 _____ C:\Users\DennisSteins\Cookies - Verknüpfung.lnk
2016-03-05 01:30 - 2016-03-05 01:30 - 00000000 _____ C:\Users\DennisSteins\Desktop\Neues Textdokument.txt
2016-03-05 01:11 - 2016-03-05 01:11 - 00000000 ____D C:\Users\DennisSteins\VirtualBox VMs
2016-03-05 01:09 - 2016-03-05 01:55 - 00000000 ____D C:\Users\DennisSteins\.VirtualBox
2016-03-05 01:07 - 2016-03-05 01:16 - 00000000 ____D C:\Users\DennisSteins\AppData\Local\Mozilla
2016-03-05 01:07 - 2016-03-05 01:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-05 01:07 - 2016-03-05 01:07 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-05 01:07 - 2016-03-05 01:07 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-05 01:07 - 2016-03-05 01:07 - 00001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-03-05 01:07 - 2016-03-05 01:07 - 00000000 ____D C:\Users\DennisSteins\AppData\Roaming\Mozilla
2016-03-05 01:07 - 2016-03-05 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-03-05 01:07 - 2016-03-05 01:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-05 01:07 - 2016-03-04 17:29 - 00982504 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2016-03-05 01:06 - 2016-03-05 01:06 - 00000000 ____D C:\Program Files\Oracle
2016-03-05 01:06 - 2016-03-04 17:29 - 00148808 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-03-05 01:04 - 2016-03-05 01:06 - 00242312 _____ C:\Users\DennisSteins\Downloads\Firefox Setup Stub 44.0.2.exe
2016-03-05 01:04 - 2016-03-05 01:05 - 120421344 _____ (Oracle Corporation) C:\Users\DennisSteins\Downloads\VirtualBox-5.0.16-105871-Win.exe
2016-03-05 01:00 - 2016-03-05 01:04 - 00002803 _____ C:\Users\DennisSteins\Downloads\FSS.txt
2016-03-05 00:59 - 2016-03-05 01:05 - 00048908 _____ C:\TDSSKiller.3.1.0.9_05.03.2016_00.59.52_log.txt
2016-03-05 00:59 - 2016-03-05 01:00 - 00899584 _____ (Farbar) C:\Users\DennisSteins\Downloads\FSS.exe
2016-03-05 00:55 - 2016-03-05 00:56 - 00048942 _____ C:\TDSSKiller.3.1.0.9_05.03.2016_00.55.56_log.txt
2016-03-05 00:48 - 2016-03-05 00:59 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\DennisSteins\Downloads\tdsskiller.exe
2016-03-05 00:48 - 2016-03-05 00:55 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\DennisSteins\Downloads\tdsskiller (1).exe
2016-03-05 00:35 - 2016-03-05 00:35 - 615672966 _____ C:\Windows\MEMORY.DMP
2016-03-05 00:35 - 2016-03-05 00:35 - 00000000 ____D C:\Windows\Minidump
2016-03-05 00:31 - 2016-03-05 00:31 - 00380416 _____ C:\Users\DennisSteins\Downloads\Gmer-19357.exe
2016-03-05 00:20 - 2016-03-05 00:21 - 21909152 _____ (SecureMix LLC) C:\Users\DennisSteins\Downloads\GlassWireSetup.exe
2016-03-05 00:17 - 2016-03-05 00:21 - 00000000 ____D C:\Users\DennisSteins\AppData\Local\SterJo NetStalker
2016-03-05 00:17 - 2016-03-05 00:17 - 00001251 _____ C:\Users\Public\Desktop\SterJo NetStalker.lnk
2016-03-05 00:17 - 2016-03-05 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SterJo NetStalker
2016-03-05 00:17 - 2005-04-15 20:58 - 01351392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2016-03-05 00:07 - 2016-03-05 00:07 - 00000000 ____D C:\ProgramData\McAfee
2016-03-05 00:05 - 2016-03-05 00:05 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-03-05 00:05 - 2016-03-05 00:05 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-03-05 00:05 - 2016-03-05 00:05 - 00000000 ____D C:\Program Files\MSBuild
2016-03-05 00:05 - 2016-03-05 00:05 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-03-05 00:05 - 2016-03-05 00:05 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-03-05 00:03 - 2016-03-05 11:43 - 00000000 ____D C:\Users\DennisSteins\AppData\Local\NPE
2016-03-05 00:02 - 2016-03-05 00:02 - 17091624 _____ C:\Users\DennisSteins\Downloads\Windows6.1-KB958559-x64-RefreshPkg (1).msu
2016-03-04 23:58 - 2016-03-05 00:01 - 00000000 ____D C:\Windows\system32\MRT
2016-03-04 23:58 - 2016-03-04 23:58 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-04 23:57 - 2016-03-04 23:57 - 00001970 _____ C:\Users\DennisSteins\Desktop\GlassWire.lnk
2016-03-04 23:57 - 2016-03-04 23:57 - 00000000 ____D C:\Users\DennisSteins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire
2016-03-04 23:57 - 2016-03-04 23:57 - 00000000 ____D C:\Users\DennisSteins\AppData\Local\GlassWire
2016-03-04 23:57 - 2016-03-04 23:57 - 00000000 ____D C:\ProgramData\GlassWire
2016-03-04 23:57 - 2016-03-04 23:57 - 00000000 ____D C:\Program Files (x86)\GlassWire
2016-03-04 23:57 - 2015-05-29 05:30 - 00008392 _____ C:\Windows\system32\Drivers\gwdrv.cat
2016-03-04 23:57 - 2015-05-29 05:15 - 00033152 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2016-03-04 23:56 - 2016-03-04 23:56 - 00016414 _____ C:\Windows\system32\results.xml
2016-03-04 23:55 - 2016-03-05 11:01 - 00000000 __SHD C:\Users\DennisSteins\IntelGraphicsProfiles
2016-03-04 23:48 - 2016-03-04 23:48 - 00000000 ____D C:\Windows\system32\SRSLabs
2016-03-04 23:48 - 2016-03-04 23:48 - 00000000 ____D C:\Program Files\Realtek
2016-03-04 23:48 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2016-03-04 23:48 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-03-04 23:48 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-03-04 23:47 - 2016-03-04 23:48 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-03-04 23:47 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2016-03-04 23:47 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-03-04 23:47 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-04 23:45 - 2016-03-04 06:55 - 00940192 _____ (SterJo Software ) C:\Users\DennisSteins\Desktop\netstalker_setup.exe
2016-03-04 23:45 - 2016-03-04 05:58 - 02518032 _____ (Microsoft Corporation) C:\Users\DennisSteins\Desktop\dotnetfx30SP1setup.exe
2016-03-04 23:45 - 2016-02-28 09:31 - 10079720 _____ (Symantec Corporation) C:\Users\DennisSteins\Desktop\NPE.exe
2016-03-04 23:44 - 2016-03-04 06:27 - 48524296 _____ (Microsoft Corporation) C:\Users\DennisSteins\Desktop\NetFx20SP2_x64.exe
2016-03-04 23:44 - 2016-03-04 06:05 - 13954552 _____ (IDRIX) C:\Users\DennisSteins\Desktop\veracrypt_setup_1.17(1).exe
2016-03-04 23:42 - 2016-03-04 23:42 - 17091624 _____ C:\Users\DennisSteins\Downloads\Windows6.1-KB958559-x64-RefreshPkg.msu
2016-03-04 23:37 - 2016-03-04 23:39 - 02959376 _____ (Microsoft Corporation) C:\Users\DennisSteins\Downloads\dotnetfx35setup.exe
2016-03-04 23:29 - 2016-03-04 23:29 - 00000724 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
2016-03-04 23:29 - 2016-03-04 23:29 - 00000712 _____ C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
2016-03-04 23:29 - 2015-08-10 06:52 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2016-03-04 23:28 - 2016-03-05 11:01 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-04 23:28 - 2016-03-04 23:28 - 00000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-03-04 23:24 - 2016-03-04 23:35 - 00000000 ____D C:\Program Files\Intel
2016-03-04 23:24 - 2016-03-04 23:29 - 00000000 ____D C:\Program Files (x86)\Intel
2016-03-04 23:24 - 2016-03-04 23:24 - 00000000 ____D C:\ProgramData\Intel
2016-03-04 23:23 - 2016-03-04 23:23 - 00000000 ____D C:\Users\DennisSteins\Intel
2016-03-04 23:21 - 2016-03-04 23:21 - 00000000 ____D C:\Windows\Hewlett-Packard
2016-03-04 23:20 - 2016-03-04 23:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-04 23:20 - 2016-03-04 23:20 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-03-04 23:20 - 2015-07-17 20:49 - 00886528 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2016-03-04 23:20 - 2015-07-17 20:49 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-03-04 23:13 - 2016-03-04 23:14 - 00000000 ____D C:\Windows\HP
2016-03-04 23:07 - 2016-03-04 23:07 - 00000279 _____ C:\Users\DennisSteins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heimnetzgruppe.lnk
2016-03-04 23:06 - 2016-03-04 23:06 - 00000000 ____H C:\Users\DennisSteins\Documents\Default.rdp
2016-03-04 23:05 - 2016-03-04 23:05 - 00000964 _____ C:\Users\DennisSteins\Desktop\FritzBox UPnP-1.0 AVM - Verknüpfung.lnk
2016-03-04 23:05 - 2016-03-04 23:05 - 00000960 _____ C:\Users\DennisSteins\Desktop\FRITZ!Box 7362 SL (UI) - Verknüpfung.lnk
2016-03-04 22:55 - 2016-03-05 00:42 - 00000000 ____D C:\Windows\System32\Tasks\Endpoint Protection.cloud
2016-03-04 22:54 - 2016-03-04 23:48 - 00000000 ____D C:\Users\DennisSteins\AppData\Local\CrashDumps
2016-03-04 22:51 - 2016-03-05 11:42 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-04 22:51 - 2016-03-05 11:42 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-04 22:51 - 2016-03-05 01:25 - 00000000 ____D C:\Users\DennisSteins\AppData\Local\Google
2016-03-04 22:51 - 2016-03-04 22:51 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-03-04 22:51 - 2016-03-04 22:51 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-03-04 22:51 - 2016-03-04 22:51 - 00003420 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-03-04 22:51 - 2016-03-04 22:51 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-03-04 22:50 - 2016-03-05 11:02 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-04 22:50 - 2016-03-04 23:01 - 00004208 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-04 22:50 - 2016-03-04 23:01 - 00003976 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-04 22:50 - 2016-03-04 23:01 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-04 22:49 - 2016-03-05 00:03 - 00000000 ____D C:\ProgramData\Norton
2016-03-04 22:49 - 2016-03-04 22:50 - 00000000 ____D C:\Users\DennisSteins\AppData\Local\MicrosoftEdge
2016-03-04 22:49 - 2016-03-04 22:50 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-04 22:49 - 2016-03-04 22:49 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2016-03-04 22:49 - 2016-03-04 22:49 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-03-04 22:49 - 2016-03-04 22:49 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-03-04 22:48 - 2016-03-04 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec.cloud
2016-03-04 22:47 - 2016-03-04 22:48 - 00000000 ____D C:\Windows\SysWOW64\Drivers\Symantec.cloud
2016-03-04 22:47 - 2015-12-09 13:00 - 05565384 _____ (Piriform Ltd) C:\Users\DennisSteins\Desktop\ccsetup512_slim.exe
2016-03-04 22:47 - 2015-12-03 10:51 - 45383248 _____ (Google Inc.) C:\Users\DennisSteins\Desktop\ChromeStandaloneSetup.exe
2016-03-04 22:47 - 2015-11-26 14:16 - 37999376 _____ (Wireshark development team) C:\Users\DennisSteins\Desktop\Wireshark-win32-2.0.0.exe
2016-03-04 22:47 - 2015-11-06 07:36 - 21872216 _____ (SecureMix LLC) C:\Users\DennisSteins\Desktop\GlassWireSetup_1.1.32.exe
2016-03-04 22:44 - 2015-12-03 13:52 - 00829855 _____ C:\Users\DennisSteins\Desktop\rufus-2.5.zip
2016-03-04 22:43 - 2016-03-05 11:46 - 00000000 ____D C:\ProgramData\Symantec.cloud
2016-03-04 22:43 - 2016-03-05 11:24 - 00000000 ____D C:\Users\DennisSteins\Desktop\Neuer Ordner
2016-03-04 22:43 - 2016-03-04 22:55 - 00000000 ____D C:\Program Files\Symantec.cloud
2016-03-04 22:43 - 2016-03-04 22:45 - 00000000 ____D C:\Users\DennisSteins\Desktop\SuitSave
2016-03-04 22:43 - 2016-03-04 22:43 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-03-04 22:43 - 2016-03-01 02:41 - 03449864 _____ (Symantec Corporation) C:\Users\DennisSteins\Desktop\SymantecExtractor.exe
2016-03-04 22:42 - 2016-03-04 22:42 - 00000000 ____D C:\Users\DennisSteins\AppData\Local\ActiveSync
2016-03-04 22:41 - 2016-03-04 22:41 - 00000000 ____D C:\Users\DennisSteins\AppData\Local\Publishers
2016-03-04 22:40 - 2016-03-05 01:58 - 00000000 ____D C:\Users\DennisSteins
2016-03-04 22:40 - 2016-03-05 00:12 - 00000000 ____D C:\Users\DennisSteins\AppData\Local\Packages
2016-03-04 22:40 - 2016-03-04 22:40 - 00000020 ___SH C:\Users\DennisSteins\ntuser.ini
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 _SHDL C:\Users\DennisSteins\Vorlagen
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 _SHDL C:\Users\DennisSteins\Startmenü
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 _SHDL C:\Users\DennisSteins\Netzwerkumgebung
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 _SHDL C:\Users\DennisSteins\Lokale Einstellungen
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 _SHDL C:\Users\DennisSteins\Eigene Dateien
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 _SHDL C:\Users\DennisSteins\Druckumgebung
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 _SHDL C:\Users\DennisSteins\Documents\Eigene Videos
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 _SHDL C:\Users\DennisSteins\Documents\Eigene Musik
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 _SHDL C:\Users\DennisSteins\Documents\Eigene Bilder
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 _SHDL C:\Users\DennisSteins\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 ____D C:\Users\DennisSteins\AppData\Roaming\Adobe
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 ____D C:\Users\DennisSteins\AppData\Local\VirtualStore
2016-03-04 22:40 - 2016-03-04 22:40 - 00000000 ____D C:\Users\DennisSteins\AppData\Local\TileDataLayer
2016-03-04 22:39 - 2016-03-05 01:33 - 01799166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-04 22:37 - 2016-03-04 22:37 - 00000000 ____D C:\Windows\CSC
2016-03-04 22:37 - 2016-03-04 22:37 - 00000000 ____D C:\ProgramData\USOShared
2016-03-04 22:37 - 2015-10-30 08:15 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2016-03-04 22:33 - 2016-03-05 00:35 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Videos
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Default\Vorlagen
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Default\Startmenü
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\ProgramData\Vorlagen
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\ProgramData\Startmenü
2016-03-04 22:33 - 2016-03-04 22:33 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2016-03-04 22:25 - 2016-03-04 22:25 - 00000000 ____D C:\Windows\ServiceProfiles
2016-03-04 22:24 - 2016-03-04 22:32 - 00000000 ____D C:\Windows\Panther
2016-03-04 22:24 - 2016-03-04 22:25 - 00189344 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-04 22:16 - 2016-03-04 22:16 - 00000000 ____D C:\Windows.old
2016-03-04 21:22 - 2016-03-04 23:11 - 00000000 ____D C:\System.sav
2016-03-04 21:13 - 2016-03-04 23:30 - 00000000 ____D C:\swsetup
2016-03-04 21:05 - 2016-03-05 11:46 - 00000000 ____D C:\FRST
2016-03-04 20:20 - 2016-03-04 23:18 - 00000000 ____D C:\Intel
2016-03-04 17:29 - 2016-03-04 17:29 - 00205784 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2016-03-04 17:29 - 2016-03-04 17:29 - 00127456 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys

==================== Drei Monate: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-05 11:05 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\appcompat
2016-03-05 01:33 - 2015-10-30 20:20 - 00775524 _____ C:\Windows\system32\perfh007.dat
2016-03-05 01:33 - 2015-10-30 20:20 - 00155338 _____ C:\Windows\system32\perfc007.dat
2016-03-05 01:33 - 2015-10-30 08:19 - 00000000 ____D C:\Windows\INF
2016-03-05 01:16 - 2015-10-30 08:11 - 00000000 ____D C:\Windows\CbsTemp
2016-03-05 00:17 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\AppReadiness
2016-03-05 00:12 - 2015-10-30 08:21 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-05 00:05 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-03-05 00:05 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\system32\MUI
2016-03-04 23:21 - 2015-10-30 07:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-03-04 23:01 - 2015-10-30 08:21 - 00000000 ___RD C:\Windows\DevicesFlow
2016-03-04 22:51 - 2015-10-30 08:21 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-03-04 22:41 - 2015-10-30 08:21 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-03-04 22:41 - 2015-10-30 08:21 - 00000000 ___RD C:\Windows\PrintDialog
2016-03-04 22:41 - 2015-10-30 08:21 - 00000000 ___RD C:\Windows\MiracastView
2016-03-04 22:40 - 2015-10-30 08:21 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-03-04 22:39 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\rescache
2016-03-04 22:37 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\system32\spool
2016-03-04 22:37 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-03-04 22:37 - 2015-10-30 08:21 - 00000000 ____D C:\ProgramData\USOPrivate
2016-03-04 22:33 - 2015-10-30 08:21 - 00000000 ____D C:\Program Files\Windows NT
2016-03-04 22:27 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\system32\Sysprep
2016-03-04 22:24 - 2015-10-30 08:21 - 00028672 _____ C:\Windows\system32\config\BCD-Template

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {4e7ebe6b-7ead-11e5-a454-a80b0d9f9eec}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {4e7ebe69-7ead-11e5-a454-a80b0d9f9eec}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{4e7ebe6a-7ead-11e5-a454-a80b0d9f9eec}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  de-DE
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{4e7ebe6a-7ead-11e5-a454-a80b0d9f9eec}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 10
locale                  de-DE
inherit                 {bootloadersettings}
recoveryenabled         No
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {4e7ebe6b-7ead-11e5-a454-a80b0d9f9eec}
nx                      OptIn
bootmenupolicy          Standard

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {4e7ebe6b-7ead-11e5-a454-a80b0d9f9eec}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
recoveryenabled         No
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 No

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-----------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {4e7ebe6a-7ead-11e5-a454-a80b0d9f9eec}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2016-03-04 22:24

==================== Ende von FRST.txt ============================
         
--- --- ---


FRST ADDITIONAL

FRST Additions Logfile:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016
durchgeführt von DennisSteins (2016-03-05 11:47:11)
Gestartet von C:\Users\DennisSteins\Desktop
Windows 10 Pro N Version 1511 (X64) (2016-03-04 21:37:49)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1588380176-3052337467-402927636-500 - Administrator - Enabled)
DefaultAccount (S-1-5-21-1588380176-3052337467-402927636-503 - Limited - Disabled)
DennisSteins (S-1-5-21-1588380176-3052337467-402927636-1001 - Administrator - Enabled) => C:\Users\DennisSteins
Gast (S-1-5-21-1588380176-3052337467-402927636-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Symantec Endpoint Protection.cloud (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection.cloud (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection.cloud (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.32 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
SterJo NetStalker (HKLM-x32\...\{E697E00B-6119-417B-9F1F-AC3F1E05F39E}_is1) (Version: 1.2 - SterJo Software)
Symantec Endpoint Protection.cloud (x32 Version: 22.5.4.24 - Symantec Corporation) Hidden
Symantec.cloud - Cloud Agent (Version: 2.03.71.2618 - Symantec Corporation) Hidden
Symantec.cloud - Endpoint Protection (Version: 6.10.20.731 - Symantec Corporation) Hidden
Symantec.cloud (HKLM\...\Symantec Hosted Services ARP) (Version:  - Symantec Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {428941E5-45F8-407A-807E-A414AF6B0C88} - System32\Tasks\Endpoint Protection.cloud\Norton Autofix => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {5E3EF3DC-7925-43A1-9818-7DE9CD04545E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.)
Task: {8CFED911-8F1A-4EC8-9D9E-A9E0FEAADC3E} - System32\Tasks\Norton WSC Integration => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.5.4.24\WSCStub.exe [2015-09-24] (Symantec Corporation)
Task: {B45034CC-4564-40F1-8C71-152E36903781} - System32\Tasks\Endpoint Protection.cloud\Norton Error Processor => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {BCE865EE-3F59-4B6A-B254-664C994B8E27} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-04] (Microsoft Corporation)
Task: {D2C64C49-F7BB-48CD-A406-EC5CE35DC799} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.)
Task: {F372AD42-1808-4F43-973C-78C31351456D} - System32\Tasks\Endpoint Protection.cloud\Norton Error Analyzer => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 08:16 - 2015-10-30 08:16 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2015-10-30 08:16 - 2015-10-30 08:16 - 02652784 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-08-18 02:27 - 2015-08-18 02:27 - 00405416 _____ () C:\Windows\system32\igfxTray.exe
2015-10-30 08:16 - 2015-10-30 08:16 - 02652784 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-10-30 08:16 - 2015-10-30 08:16 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 08:16 - 2015-10-30 08:16 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-30 08:17 - 2015-10-30 20:23 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-30 08:17 - 2015-10-30 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-30 08:17 - 2015-10-30 20:23 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-30 08:17 - 2015-10-30 20:23 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-13 15:56 - 2015-10-13 15:56 - 00246272 _____ () C:\Program Files (x86)\GlassWire\GeoIP.dll
2015-07-10 23:37 - 2015-07-10 23:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 08:21 - 2015-10-30 08:19 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1588380176-3052337467-402927636-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1588380176-3052337467-402927636-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9CBD8CBF-2CBB-47A2-895C-CB36DE633AF1}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{C69732B9-CB7D-46A8-9A7E-9E11917BE850}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{E9DDF400-7ED4-4743-B785-055E87DD485C}] => (Block) c:\windows\system32\svchost.exe
FirewallRules: [{F4FCB4B4-1245-4ECF-9F82-461F807F9F6A}] => (Block) c:\windows\system32\svchost.exe
FirewallRules: [{0FFFBED5-1518-4772-8BF6-4A4C46ACBF0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D539BD18-19A8-4E4F-A506-1057F6410476}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6431E0CB-1D01-488D-B8EE-128AEF38AA4D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

04-03-2016 23:01:20 rrrrr

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Microsoft Device Association Root Enumerator
Description: Generisches Softwaregerät
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/05/2016 11:01:59 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9fbaf5d6-4d83-4422-870d-fdda6e5858aa;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (03/05/2016 11:01:19 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007139F
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9fbaf5d6-4d83-4422-870d-fdda6e5858aa;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (03/05/2016 01:29:06 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9fbaf5d6-4d83-4422-870d-fdda6e5858aa;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (03/05/2016 01:09:12 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9fbaf5d6-4d83-4422-870d-fdda6e5858aa;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (03/05/2016 12:45:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 10.0.10586.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5b8

Startzeit: 01d1766ed2219fe7

Beendigungszeit: 0

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: 2389183e-e263-11e5-a599-480fcf36522a

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (03/05/2016 12:42:56 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9fbaf5d6-4d83-4422-870d-fdda6e5858aa;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (03/05/2016 12:42:56 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9fbaf5d6-4d83-4422-870d-fdda6e5858aa;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (03/05/2016 12:42:55 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9fbaf5d6-4d83-4422-870d-fdda6e5858aa;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (03/05/2016 12:42:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-8JAMQ99)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/05/2016 12:41:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm NetStalker.exe, Version 1.2.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1890

Startzeit: 01d1766f2fdcf013

Beendigungszeit: 9

Anwendungspfad: C:\Users\DennisSteins\AppData\Local\SterJo NetStalker\NetStalker.exe

Berichts-ID: 840d3389-e262-11e5-a599-480fcf36522a

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:


Systemfehler:
=============
Error: (03/05/2016 01:58:55 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8JAMQ99)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/05/2016 01:58:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/05/2016 01:54:18 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8JAMQ99)
Description: {B1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F}

Error: (03/05/2016 01:53:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Synchronisierungshost_3d55c erreicht.

Error: (03/05/2016 01:53:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_3d55c" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/05/2016 01:53:23 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/05/2016 01:32:11 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/05/2016 01:29:04 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTNetzwerkdienstS-1-5-20LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/05/2016 01:19:49 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (03/05/2016 01:19:41 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.


CodeIntegrity:
===================================
  Date: 2016-03-05 00:41:57.614
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-04 23:59:16.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-04 22:27:13.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) CPU G3250 @ 3.20GHz
Prozentuale Nutzung des RAM: 61%
Installierter physikalischer RAM: 4021.78 MB
Verfügbarer physikalischer RAM: 1528.87 MB
Summe virtueller Speicher: 5429.78 MB
Verfügbarer virtueller Speicher: 2674.29 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:98.08 GB) (Free:52.57 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.95 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CF2227B8)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2 GB) - (Type=0C)

==================== Ende von Addition.txt ============================
         
--- --- ---

Bevor es hier weiter geht:

Folgende Antirootkit-Tools habe ich schon X-mal durchklaufen lassen, Sie finden etweder nichts oder das Rootkit bricht den Start sofort ab:

-Antirootkit Tool von Kaspersky TTSS
-Antirootkit Tool Antimalwarebytes und der "normale" Malewarescanner
-Antirootkit Tool von McAffe
-Antirootkit Tool von Bitdefender
-Antirootkit Tool von Sysinternals
-Antirootkit Too von TrendMirco

Außderdem finden fast alle Security-Suiten und AV-Software nichts, die
man als durchschnittsbürger bekommen kann.

Habe fast alles durch, auch schon AV-Rescure Disks und die Antirootkit-Tools nur von CD gestartet.

Ich schlage deshalb vor, das ich erstmal die logs der letzten Wochen poste, die etwas gefunden haben. Anschließend kann ich gerne alle nachreichen, wo noch Bedarf ist bzw. was helfen könnte.

Grundsätzlich zu der Logs:
Das Rootkit debuggt AV-Software und Browser, enweder mit Scripten, VB, Hooks oder der Angreifer selbst mit PowerShell. Die sind quasi zu vernachlässigen. Das ganze Betriebssystem hat ja auch nicht mehr viel mit dem Original Windows10 zu tun. Siehe z.B. Gmer-Log

aswMBR - auch nochmal frisch von heute

Code:
ATTFilter
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-03-05 12:10:48
-----------------------------
12:10:48.979    OS Version: Windows x64 6.2.9200 
12:10:48.979    Number of processors: 2 586 0x3C03
12:10:48.995    ComputerName: DESKTOP-8JAMQ99  UserName: DennisSteins
12:10:55.798    Initialize success
12:10:58.501    VM: initialized successfully
12:10:58.501    VM: Intel CPU BiosDisabled 
12:12:50.675    AVAST engine defs: 16030500
12:13:04.770    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
12:13:04.772    Disk 0 Vendor: TOSHIBA_MQ01ABD050 AX001U Size: 476940MB BusType: 11
12:13:04.842    Disk 0 MBR read successfully
12:13:04.846    Disk 0 MBR scan
12:13:04.868    Disk 0 Windows 7 default MBR code
12:13:04.888    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          500 MB offset 2048
12:13:04.905    Disk 0 Partition 2 00     07    HPFS/NTFS            100438 MB offset 1026048
12:13:04.942    Disk 0 Partition 3 00     0C    FAT32 LBA MSDOS5.0     2048 MB offset 206723072
12:13:04.983    Disk 0 scanning C:\Windows\system32\drivers
12:13:04.986    Service scanning
12:14:39.970    Modules scanning
12:14:40.517    Disk 0 trace - called modules:
12:14:40.548    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys 
12:14:40.564    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000b9641060]
12:14:40.564    3 CLASSPNP.SYS[fffff80008b67d95] -> nt!IofCallDriver -> [0xffffe000b8353330]
12:14:40.564    5 ACPI.sys[fffff800082e1361] -> nt!IofCallDriver -> [0xffffe000b9513df0]
12:14:40.564    7 ACPI.sys[fffff800082e1361] -> nt!IofCallDriver -> \Device\0000002c[0xffffe000b9516400]
12:14:41.235    AVAST engine scan C:\Windows
12:14:41.251    AVAST engine scan C:\Windows\system32
12:14:41.267    AVAST engine scan C:\Windows\system32\drivers
12:14:41.267    AVAST engine scan C:\Users\DennisSteins
12:14:41.282    AVAST engine scan C:\ProgramData
12:14:41.282    Disk 0 statistics 218/0/0 @ 0,68 MB/s
12:14:41.282    Scan finished successfully
12:14:49.929    Disk 0 MBR has been saved successfully to "C:\Users\DennisSteins\Desktop\MBR.dat"
12:14:49.945    The log file has been saved successfully to "C:\Users\DennisSteins\Desktop\aswMBR.txt"
         
Zitat:
Zitat von dennissteins Beitrag anzeigen
Hallo,


wir sind seid mehreren Mobaten mit dem oben genannten Bootkit infiziert.
Betroffen sind 2 Laptops,1 Desktop Rechner iund ein Surface.
Die Malware infiziert sowohl Linux als auch Windows.
Formatierung der Festplatte und Neuinstallation hilft nicht, selbst nach Festplattenaustausch
(durch eine werksneue) ist die Malware noch da. Alle nisheigen Antiroozkit-Tools und Rescure-Disk können das Bootkit nicht entfernen.

Die versteckten Partition kann ich unter Linux mit einigen Tools sichtbar machen, z.b enthält die "Boot:X " einen Ordner "PseudoWindows", löschen lassen sich die "loop"Volumes nicht.

Alle Logs, Screens die ich habe,hänge ich in kürze an.
Die Links unten folgen auch gleich.



PS: Da ich schon in anderen Foren als "Spinner" und ähliches beschimpft wurde, bitte
mit den Links unten und dem Thema "Rootkit in der Hardware" beschäftigen, bevor Stichwörter wie "unmöglich" und ähnliches fallen.
Weitere Logs folgen später! Hier einige Links zum Bootkit:

Links zuM Bootkit:
https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html

hxxp://www.golem.de/news/nemesis-bootkit-neue-malware-befaellt-finanzinstitute-1512-117906.html

Geändert von dennissteins (05.03.2016 um 12:07 Uhr)

Alt 06.03.2016, 15:53   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



Und wo genau meinst du jetzt eine Bootkit Infektion zu sehen?

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.03.2016, 16:48   #6
dennissteins
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



Dann mach ich mal munter weiter (bitte auch den Links zu den gesamten Logs folgen)

Chtchme-Antirrotkit (Vor Sart abgebrochen)
Code:
ATTFilter
detected NTDLL code modification:
ZwEnumerateKey 0 != 50, ZwQueryKey 0 != 22, ZwOpenKey 0 != 18, ZwClose 0 != 196623, ZwEnumerateValueKey 0 != 19, ZwQueryValueKey 0 != 23, ZwOpenFile 0 != 51, ZwQueryDirectoryFile 0 != 53, ZwQuerySystemInformation 0 != 54Initialization error

detected NTDLL code modification:
ZwEnumerateKey 0 != 50, ZwQueryKey 0 != 22, ZwOpenKey 0 != 18, ZwClose 0 != 196623, ZwEnumerateValueKey 0 != 19, ZwQueryValueKey 0 != 23, ZwOpenFile 0 != 51, ZwQueryDirectoryFile 0 != 53, ZwQuerySystemInformation 0 != 54Initialization error
         
GMER, die zweite (das ist nur das erste Drittel des Logs)

Code:
ATTFilter
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2016-03-07 16:44:05
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002c WDC_WD5000AAKX-60U6AA0 rev.18.01H18 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kwlcyuog.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [604:656]                                                                                                                                               fffff960a74c4060
Thread  C:\Windows\SYSTEM32\ntdll.dll [1748:1740]                                                                                                                                             0000000000962222
Thread  C:\Windows\SYSTEM32\ntdll.dll [1748:5460]                                                                                                                                             0000000070b4b3f6

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime                                                                                                                     0x39 0xB3 0x09 0x95 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime                                                                                                                 0xF9 0xF5 0xC3 0x85 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE                                                                                                                 4
Reg     HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\PHLC0C5AU11323007322_17_07DD_14^45F413986BCDC4F094CA4D984474CF0C@Timestamp                                        0xA6 0x68 0xF2 0x96 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid                                                                                                                                      692
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{89773703-4642-4280-8AAC-61D400D9A876}\Connection@Name                                           Reusable ISATAP Interface {89773703-4642-4280-8AAC-61D400D9A876}
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\BindPaths                                                                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\BindPaths\{04C959EC-C4CC-7476-D8FA-0C1628D731ED}                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\BindPaths\{04C959EC-C4CC-7476-D8FA-0C1628D731ED}\Properties                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\BindPaths\{04C959EC-C4CC-7476-D8FA-0C1628D731ED}\Properties\{a111f1f2-5923-47c0-9a68-d0bafb577901}                                
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\BindPaths\{04C959EC-C4CC-7476-D8FA-0C1628D731ED}\Properties\{a111f1f2-5923-47c0-9a68-d0bafb577901}\0050                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\BindPaths\{04C959EC-C4CC-7476-D8FA-0C1628D731ED}\Properties\{a111f1f2-5923-47c0-9a68-d0bafb577901}\0050@                          0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\BindPaths\{087C76FC-16EF-798D-D56E-79E538F884E1}                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\BindPaths\{087C76FC-16EF-798D-D56E-79E538F884E1}\Properties                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\BindPaths\{087C76FC-16EF-798D-D56E-79E538F884E1}\Properties\{a111f1f2-5923-47c0-9a68-d0bafb577901}                                
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\BindPaths\{087C76FC-16EF-798D-D56E-79E538F884E1}\Properties\{a111f1f2-5923-47c0-9a68-d0bafb577901}\0050                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\BindPaths\{087C76FC-16EF-798D-D56E-79E538F884E1}\Properties\{a111f1f2-5923-47c0-9a68-d0bafb577901}\0050@                          0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\BindRules                                                                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients                                                                                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\Lookup                                                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\Lookup@LanmanWorkstation                                                                                                  0x4E 0x4F 0x49 0x54 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0004@                            0x4C 0x00 0x61 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a@                            0x4C 0x00 0x61 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0002@                            0x77 0x00 0x69 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0004@                            0x6E 0x00 0x65 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002@                            0x4E 0x00 0x65 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004@                            0x4D 0x00 0x53 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006@                            0x80 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Clients\{54494F4E-5441-4B53-CCB9-061A6EC4BF6E}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                            0xDF 0x07 0x0A 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters                                                                                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Kernel                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Kernel@FilterClass                                                                 ms_implatform
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a@                            0x4D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000c                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000c@                            0x4D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000e                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000e@                            0x4D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0014@                            0x00 0x00 0x00 0x40 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002@                            0x16 0x50 0x1C 0x17 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f8-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f8-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f1f8-5923-47c0-9a68-d0bafb577901}\0014@                            0x42 0x00 0x72 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002@                            0x6E 0x00 0x65 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004@                            0x49 0x00 0x6E 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{171C5016-3D19-4CB2-9556-63E586EE5010}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                            0xDF 0x07 0x0A 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Kernel                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Kernel@UnbindOnAttach                                                              1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Kernel@FilterClass                                                                 ms_medium_converter_bottom
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a@                            0x57 0x00 0x66 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\001e                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\001e@                            0x01 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006@                            0x65 0x00 0x74 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002@                            0x20 0x78 0xFD 0x3B ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f8-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f8-5923-47c0-9a68-d0bafb577901}\0020                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f1f8-5923-47c0-9a68-d0bafb577901}\0020@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002@                            0x77 0x00 0x66 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004@                            0x57 0x00 0x66 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006@                            0x28 0x00 0x04 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{3BFD7820-D65C-4C1B-9FEA-983A019639EA}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                            0xDF 0x07 0x0A 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Kernel                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Kernel@Optional                                                                    1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Kernel@FilterClass                                                                 ms_medium_converter_128
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006@                            0x76 0x00 0x77 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002@                            0xBF 0x81 0xBF 0x5C ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0006@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f8-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f8-5923-47c0-9a68-d0bafb577901}\0020                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f1f8-5923-47c0-9a68-d0bafb577901}\0020@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002@                            0x6E 0x00 0x65 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004@                            0x49 0x00 0x6E 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006@                            0x28 0x00 0x04 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{5CBF81BF-5055-47CD-9055-A76B2B4E3698}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                            0xDF 0x07 0x0A 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Kernel                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Kernel@Optional                                                                    1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Kernel@FilterClass                                                                 scheduler
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a@                            0x50 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006@                            0x63 0x00 0x70 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002@                            0x59 0xD6 0xF4 0xB5 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004@                            0x73 0x00 0x63 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0006@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002@                            0x6E 0x00 0x65 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004@                            0x49 0x00 0x6E 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006@                            0x00 0x00 0x04 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                            0xDF 0x07 0x0A 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Kernel                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Kernel@UnbindOnAttach                                                              1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Kernel@FilterClass                                                                 ms_firewall_upper
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a@                            0x57 0x00 0x66 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006@                            0x65 0x00 0x74 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002@                            0x60 0x64 0x0D 0xB7 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002@                            0x77 0x00 0x66 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004@                            0x57 0x00 0x66 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006@                            0x28 0x00 0x04 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{B70D6460-3635-4D42-B866-B8AB1A24454C}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                            0xDF 0x07 0x0A 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Kernel                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Kernel@UnbindOnAttach                                                              1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Kernel@UnbindOnDetach                                                              1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Kernel@FilterClass                                                                 ms_medium_converter_top
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a@                            0x4E 0x00 0x61 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000c                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000c@                            0x77 0x00 0x6C 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000e                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000e@                            0x77 0x00 0x6C 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\001e                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\001e@                            0x02 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0050                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0050@                            0x57 0x00 0x69 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0052                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0052@                            0xAD 0x74 0xDE 0xE1 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006@                            0x77 0x00 0x6C 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002@                            0x9A 0xCF 0x75 0xE4 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0016                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0016@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f8-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f8-5923-47c0-9a68-d0bafb577901}\0020                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f1f8-5923-47c0-9a68-d0bafb577901}\0020@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002@                            0x6E 0x00 0x65 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004@                            0x4D 0x00 0x53 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006@                            0x28 0x00 0x04 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                            0xDF 0x07 0x0A 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Kernel                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Kernel@Optional                                                                    1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Kernel@FilterClass                                                                 ms_switch_filter
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a@                            0x57 0x00 0x66 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006@                            0x76 0x00 0x6D 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002@                            0xF0 0xB2 0xC3 0xE7 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0006@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002@                            0x77 0x00 0x66 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004@                            0x57 0x00 0x66 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006@                            0x00 0x00 0x04 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                            0xDF 0x07 0x0A 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Kernel                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Kernel@Optional                                                                    1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Kernel@Monitoring                                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Kernel@NoStartAtBoot                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Kernel@FilterClass                                                                 ms_switch_capture
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008@                            0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a@                            0x4E 0x00 0x64 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0006@                            0x65 0x00 0x74 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0002@                            0x6C 0xCD 0x24 0xEA ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0004@                            0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0006@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0008                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0008@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0018                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f1f7-5923-47c0-9a68-d0bafb577901}\0018@                            0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002@                            0x6E 0x00 0x64 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004@                            0x49 0x00 0x6E 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006@                            0x38 0x00 0x04 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Filters\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                            0xDF 0x07 0x0A 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces                                                                                                                        
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Kernel                                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Kernel@IfType                                                                   6
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Kernel@MediaType                                                                0
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Kernel@PhysicalMediaType                                                        0
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Kernel@IfAlias                                                                  LAN-Verbindung* 8
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Kernel@NetLuidIndex                                                             32771
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Kernel@Characteristics                                                          41
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Kernel@IfDescr                                                                  WAN Miniport (IPv6)
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Kernel@ProtocolList                                                             wanarpv6?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Kernel@FilterList                                                               0x20 0x78 0xFD 0x3B ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties                                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                         0x05 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014@                         0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0002                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0002@                         0x6E 0x00 0x64 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0004                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0004@                         0x77 0x00 0x61 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0004                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0004@                         0x00 0x00 0x00 0x03 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000a                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000a@                         0x06 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000c                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000c@                         0x00 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000e                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000e@                         0x00 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0010                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0010@                         0x4C 0x00 0x41 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0012                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0012@                         0x57 0x00 0x41 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0032                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0032@                         0x53 0x00 0x57 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0034                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0034@                         0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\008c                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\008c@                         0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\00b4                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\00b4@                         0x08 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0104                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0104@                         0x02 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006@                         0x29 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{157A765B-9BE2-4826-A790-CD2D2465B8A9}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                         0xE0 0x07 0x03 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Kernel                                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Kernel@IfType                                                                   6
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Kernel@MediaType                                                                0
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Kernel@PhysicalMediaType                                                        0
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Kernel@IfAlias                                                                  LAN-Verbindung* 9
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Kernel@NetLuidIndex                                                             32772
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Kernel@Characteristics                                                          41
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Kernel@IfDescr                                                                  WAN Miniport (Network Monitor)
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Kernel@ProtocolList                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Kernel@FilterList                                                               0x20 0x78 0xFD 0x3B ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties                                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                         0x05 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014@                         0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0002                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0002@                         0x6E 0x00 0x64 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0004                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0004@                         0x77 0x00 0x61 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0004                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0004@                         0x00 0x00 0x00 0x04 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000a                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000a@                         0x06 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000c                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000c@                         0x00 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000e                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000e@                         0x00 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0010                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0010@                         0x4C 0x00 0x41 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0012                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0012@                         0x57 0x00 0x41 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0032                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0032@                         0x53 0x00 0x57 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0034                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0034@                         0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\008c                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\008c@                         0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\00b4                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\00b4@                         0x09 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0104                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0104@                         0x02 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006@                         0x29 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{1E938EAC-6159-4C89-9E0A-7F4CD2E2C001}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                         0xE0 0x07 0x03 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Kernel                                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Kernel@IfType                                                                   23
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Kernel@MediaType                                                                12
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Kernel@PhysicalMediaType                                                        0
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Kernel@IfAlias                                                                  LAN-Verbindung* 6
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Kernel@NetLuidIndex                                                             32768
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Kernel@Characteristics                                                          41
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Kernel@IfDescr                                                                  WAN Miniport (PPPOE)
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Kernel@ProtocolList                                                             NdisWan?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Kernel@FilterList                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties                                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                         0x05 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014@                         0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0002                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0002@                         0x6E 0x00 0x64 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0004                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0004@                         0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000a                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000a@                         0x17 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000c                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000c@                         0x0C 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000e                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\000e@                         0x00 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0010                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0010@                         0x4C 0x00 0x41 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0012                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0012@                         0x57 0x00 0x41 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0032                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0032@                         0x53 0x00 0x57 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0034                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0034@                         0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\008c                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\008c@                         0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\00b4                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\00b4@                         0x06 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0104                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f1f4-5923-47c0-9a68-d0bafb577901}\0104@                         0x02 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0006@                         0x29 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{3426CFE8-814B-4320-B823-8B915EA12427}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                         0xE0 0x07 0x03 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Kernel                                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Kernel@IfType                                                                   6
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Kernel@MediaType                                                                0
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Kernel@PhysicalMediaType                                                        14
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Kernel@IfAlias                                                                  LAN-Verbindung* 1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Kernel@NetLuidIndex                                                             32769
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Kernel@Characteristics                                                          9
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Kernel@IfDescr                                                                  Microsoft Kernel Debug Network Adapter
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Kernel@ProtocolList                                                             Ndisuio?RDMANDK?Tcpip?lltdio?RasPppoe?MsLldp?Tcpip6?rspndr?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Kernel@FilterList                                                               0x6C 0xCD 0x24 0xEA ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Properties                                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                         0x05 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                               
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Interfaces\{4FE7424D-24B1-4E33-BB57-C129388EDF17}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014@                         0x01 
          


---- EOF - GMER 2.1 ----
         
--- --- ---

Alt 07.03.2016, 16:53   #7
dennissteins
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



GMER (Mittlerer Teil):

Code:
ATTFilter
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{56465050-5343-5456-47F9-EC637C282991}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{56465050-5343-5456-47F9-EC637C282991}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                          0xDF 0x07 0x0A 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Kernel                                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                                
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                          0x01 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                                
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002@                          0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0004                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0004@                          0x78 0x00 0x62 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006@                          0x58 0x00 0x62 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008@                          0x41 0x00 0x20 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a@                          0x58 0x00 0x62 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014@                          0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016@                          0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                                
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0004                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0004@                          0x6E 0x00 0x64 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                                
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                           
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Protocols\{58474950-424F-0058-CFE8-ABA2187557F2}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                          0xDF 0x07 0x0A 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services                                                                                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\Lookup                                                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\Lookup@NetBIOS                                                                                                           0x53 0x4F 0x49 0x42 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\Lookup@LanmanServer                                                                                                      0x52 0x45 0x56 0x52 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties                                                                        
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                           0x01 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002@                           0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0004                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0004@                           0x4E 0x00 0x65 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006@                           0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008@                           0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\000a@                           0x4E 0x00 0x65 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0014@                           0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0016@                           0x01 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0002                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0002@                           0x77 0x00 0x69 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0004                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0004@                           0x6E 0x00 0x65 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002@                           0x6E 0x00 0x65 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004@                           0x4E 0x00 0x65 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{42494F53-4554-004E-6E89-7EF9DE2570E3}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                           0xDF 0x07 0x0A 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties                                                                        
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1ef-5923-47c0-9a68-d0bafb577901}\0014@                           0x01 0x00 0x00 0x00 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0002@                           0x6D 0x00 0x73 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0004                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0004@                           0x4C 0x00 0x61 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0006@                           0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f0-5923-47c0-9a68-d0bafb577901}\0008@                           0x40 0x00 0x25 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0002                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0002@                           0x77 0x00 0x69 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0004                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f1f1-5923-47c0-9a68-d0bafb577901}\0004@                           0x74 0x00 0x64 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0002@                           0x4E 0x00 0x65 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0004@                           0x49 0x00 0x6E 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028                            
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\Services\{52564552-5345-414E-2DD4-CF8F7555A888}\Properties\{a111f200-5923-47c0-9a68-d0bafb577901}\0028@                           0xDF 0x07 0x0A 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\State                                                                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Control\NetworkSetup2\State@NotifyObjectsPresent                                                                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                                                                                                     ????????????????v2.25|Action=Block|Active=TRUE|Dir=In|Name=@{microsoft.windowscommunicationsapps_17.6308.42271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6308.42271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-827458402-4023430271-2341328680-500|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6308.42271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|???Der Mozilla Maintenance Service stellt sicher, dass die neueste und sicherste Version von Mozilla Firefox auf Ihrem Computer installiert ist. Denn Firefox auf dem aktuellen Stand zu halten, ist sehr wichtig f?r Ihre Sicherheit online und Mozilla empfiehlt mit Nachdruck, dass Sie
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber                                                                                                    1180428
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                                                                                     717651277
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId                                                                                     4
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime                                                                                   467818732
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime                                                                                                                  4219
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime                                                                                                                3762
Reg     HKLM\SYSTEM\CurrentControlSet\Control\SQMServiceList@SQMServiceList                                                                                                                   netprofm,netman,dcomlaunch
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID                                                                                                                      9d2a071c-7d06-4733-8803-021e75b
Reg     HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\WdiContextLog@FileCounter                                                                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{498B1B9F-8618-4E6C-9AD1-6A759BFBFB23}                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@D0DC3A2ADC4DD2F36BCBF11F9CBC1E2C                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@12EFB40C6B22510A69302DBFB63F3E7D                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@1915E359005496762A00B5FCA5BA8904                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@10BE9053B57950DCBB3291842C76E607                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@11B3D54A5B48CC1597E99ADB84427D7B                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@52B493FC848ADEDE3B7A0FC9413C4592                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@7B94B42C249AFC70387F98CFA7CD7461                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@671E960890FD88A8A0C1FFDC19A3386F                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@4A0809736FBBC320EA54AA108CEAB1AE                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@903E388EF9B2F27B1D5B4E47DCB2014E                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@3CD23A9DB8C6B57FE4ABF5D0A66DCFBC                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@DDD3E38CC7A4386C5FDE1F9F5DF98807                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@D0FC03E6DE9C413F875C5CC396D927CE                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@06837428029FD7A56DED4459FDDADC31                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@12975F21CA9FF8A35B11660EEFC73B96                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@0C7B4467CF0540675F7B391AB440C42D                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@BB97DABCD0BF722A3C90C8518F3D09EE                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@B186A6E22AB0E7B390CB3FA0D708CE04                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@7AF3C871B9A7F0AF6DE09B276C089AD6                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@9859221EA0FAD45F4DB75E7686EE3B47                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@A40EBCBABBDAF7041017A11AF9B29344                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@F1FE4FE646E232B6595B56076A3FA776                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@7C194BB3EDC012BFC9BB44E883C66A9D                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@0CB2523225D411478CC5B2F53C830B76                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@F0A23CE5D651C81F9F55AF6341672CDB                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@56893C5F5803871FEB47697E265D6AA9                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@ACF462466E7E63F5E0A4DB94704F839D                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@E93777114AF101552411EC2ACD169A2B                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@50BD14AA6633B05DDECCB9D4B9864FB9                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@5598AA3FFC9E2D9E4F917D6197BF0DC5                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@9A6879ED7C786F09C0F239E112C83170                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@2026C94F5AA97FB3733DE0A592FCC63C                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@C20968B7450E412EB76DD13750A682AB                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@91CB5004C3A6DA11327F55CC9177DF7D                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@AF9EC09BB8BD01371EB31D0267EE0CBF                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@ADA2E6F010922D08CB31DCD3724A6343                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@8A573B73503417D23F56A8A5F028B51E                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@94121CBA924EA414FB0412D618D16AF9                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@D6A9763C4C1CC33E235CDBC6F87BEC34                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@A7F4A501A74D286EDB1F69F9AC00D64F                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@308880B1CE24F27497FB05D493DB5AE1                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@EEFDCC167318D2DE19445774D6F15B44                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@B4001C24B1C35EAB8D7F525EC8CC19FB                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@62888CD08669B07ED0D486EE7D322E99                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@0ADEC85D33380C93A596D8028376112C                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@3EB433E367D9406EAFB6FCC2B5A99741                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{A25AE4F2-1B96-4CED-8007-AA30E9B1A218}@CBF79C3C21CF897186E52ADAE9727251                                  0x14 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{D73E01AC-F5A0-4D80-928B-33C1920C38BA}                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@2B6E25EEDE3EACDD3F2B0BC7DAD091AC4A8B4991F61CEE5DC6453FA45747F6A7  0x10 0x00 0x55 0x98 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@DFA3A7C023343336DBD5900C88347F4FD66C00E07D4EE21055DFDC5C3AE55DA4  0x10 0x00 0x56 0x89 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@69D32CD08EBE23F5E9A73F7F3285DF90A6E068C7385621B75831F30C8DCA6AFE  0x10 0x00 0x91 0xCB ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@5636491EE1A721C725F75D301286631F1306D3FD9269BE6961C9306FF333A60C  0x10 0x00 0xC2 0x09 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@7F6CE156A0F8503D64BEF3400EEC28337AF2E4CBC84904471CCF2A55D4732FF4  0x10 0x00 0x20 0x26 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@01FBA679A43FC10FC17E68E790296E750B8B47DA1EC976C8C2DCE69272D7756F  0x10 0x00 0xCB 0xF7 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@F973BED00C590A46C4648557B0A8465A86DBFDA1680BC1988BB5CAC26BF3C5AF  0x10 0x00 0x9A 0x68 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@99658658936906F4C995A20F0ABBF338997B214A03C7373DCF1BA2A0CE942F02  0x10 0x00 0xF0 0xA2 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@FA781673A336A22A459AAD86B4130C57AEEBC5FBE871FB784D3E226BD90F28E9  0x10 0x00 0x8A 0x57 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@A7EE72376EEF3FC21C89C247026A68C90FC32B592586F2BE5EEF1AB51158988F  0x10 0x00 0xD6 0xA9 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@07B953760392F2BDB1B43BF176B360750DD90DE2C329024F9DA1DB173B34B119  0x10 0x00 0xA7 0xF4 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@600164CD3F51F748C9724E0C4B373B5E53B1E9A3248EA4B89280F7B35022FCD4  0x10 0x00 0x94 0x12 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@DC42D022B32C3EC4C256D3AB2E90618591E92677860B873E68A23AF36C849B3D  0x10 0x00 0x0A 0xDE ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@160C4BED1A00473A1828F5FD48969D88B7E2A99778DA919EA29DFD5AA194168B  0x10 0x00 0x50 0xBD ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@81ADBC846C42A1B4551E2300671A42FDB7C2AE78F9C19C8AFE62CBAD0FBC90FA  0x10 0x00 0xE9 0x37 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@7095C94CECEA0AEFA0CAFB80C081AE1A082CFE736FA4E02C6BEC97DFA9C5B0AC  0x10 0x00 0xAF 0x9E ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@F44DD21BE9FEE5DE287EFBA0BFE8626B015BFEFBBF05D7407F7F5594EFA3E6CC  0x10 0x00 0xB4 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@046BB31A8A431F5F71A7D79B7C30E57E02BB3121DD65A35D04261B3FCD8BF707  0x10 0x00 0x62 0x88 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@A7801798FE1F678C6D0CE7FAB89C4091563F12DC72B31B17913D3D6F87446317  0x10 0x00 0xAD 0xA2 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@DBBEDA499D73CEDB995BD96DC1E169CAE3A6D8EF93D1EB5A7379A9A532D7E217  0x10 0x00 0xAC 0xF4 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@20B42A49CFFBB52ECDF32D0184F53D33D523EA95E9E5EBA15E20B2D1F538BB50  0x10 0x00 0xEE 0xFD ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@069FEE5F49A76D49791AC928185C6CFE8E0E9E342D328BA4ADC8F568091C984E  0x10 0x00 0x3E 0xB4 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@1DB891F7BDC4A1DDD9D9B2508684674FCCAB2C489168C6B99A38677D84652BB7  0x10 0x00 0x30 0x88 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@682AE52A9AA15EFB4CFD9F724C594EB880D3D6CF0C4F70C1FCA45197012CB218  0x10 0x00 0x0C 0xB2 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\{7746D80F-97E0-4E26-9543-26B41FC22F79}\{FB9F5B62-B48B-45F5-8586-E514958C92E2}@99E45EF1FE5FE210C8536432A08E626116CB1011D0995A4EEA0B9133879D3FE6  0x10 0x00 0xCB 0xF7 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{3c2a5568-924d-4095-a1d7-3cdadc0129ec}@LastProbeTime                                                                 1457357209
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{89773703-4642-4280-8AAC-61D400D9A876}@InterfaceName                                                                Reusable ISATAP Interface {89773703-4642-4280-8AAC-61D400D9A876}
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{89773703-4642-4280-8AAC-61D400D9A876}@ReusableType                                                                 2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime                                                                                                       ?Mo?, ?Mrz ?07 ?16, 01:32:33???????????????????????????????????
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                                                       1251
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                                      150
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SRTSP@Start                                                                                                                                    1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SRTSP                                                                                                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence                                                                                                                2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d2c0c15f-0ba1-4286-9885-3a24a7998d79}@LeaseObtainedTime                                                           1457358381
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d2c0c15f-0ba1-4286-9885-3a24a7998d79}@T1                                                                          1457790381
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d2c0c15f-0ba1-4286-9885-3a24a7998d79}@T2                                                                          1458114381
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d2c0c15f-0ba1-4286-9885-3a24a7998d79}@LeaseTerminatesTime                                                         1458222381
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM@OsBootCount                                                                                                                                4
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeConfidence                                                                                                  8
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated                                                                                                   0xF5 0x4A 0x50 0x2D ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh                                                                                                        0xF5 0xB2 0x14 0x8F ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow                                                                                                         0xF5 0xE2 0x8B 0xCB ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount                                                                                                   0x05 0x3B 0x94 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop                                                                                                      0
Reg     HKLM\SYSTEM\Setup@SystemPartition                                                                                                                                                     \Device\HarddiskVolume1
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds                                                                                                           Symantec.Norton Internet Security?Microsoft.Windows.ControlPanel?Microsoft.Windows.Explorer?Microsoft.Windows.Explorer_RecentFiles?Chrome?E7CF176E110C211B?{6D809377-6AF0-444B-8957-A3773F02200E}\Windows NT\Accessories\wordpad.exe?{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Explorer.exe?
Reg     HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                                                                                                           C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_avz.exe_2ff287d7962a8f326f444ba5df8a28d31508e28_03b33435_11076dd4
Reg     HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog                                                                                     0x7C 0x06 0x0C 0x00 ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CloseDialog
         
Und jetzt bitte einmal die letzten beiden Registry-Einträge mit diesem Artikel vergleichen https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html

Alt 08.03.2016, 09:29   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



Kannst du mal bitte etwas deutlicher werden?? Wo genau steht in deinen Logs etwas, was genau auf dieses Bootkit hinweist, deiner Meinung nach?

Die anderen Logs über dein Google Drive kann ich nicht sehen (Fehlercode: sec_error_unknown_issuer) also stell sie bitte hier anders zur Verfügung.

Screenshots direkt hier rein, wir haben hier extra IMG-Tags und die restlichen Log-Textfiles direkt in CODE-Tags posten.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.03.2016, 11:31   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



Bitte zeig mir jetzt genau die Stelle, die dein Bootkit entlarvt anstatt hier einfach weitere Logs reinzuknallen, nach denen ich nicht gefragt habe.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.03.2016, 11:45   #10
dennissteins
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



Ja, gerne, dann dazu als erstes:
GMER log ,erster von oben, hier jetzt komplett ohne Link:

GMER I TEIL-2

Code:
ATTFilter
                                                                                                                                                                                                          fffff800ef7b5280 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwLockVirtualMemory                                                                                                                                                                                                                          fffff800ef308f88 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwMakePermanentObject                                                                                                                                                                                                                        fffff800ef7c1a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwMakeTemporaryObject                                                                                                                                                                                                                        fffff800ef719458 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwManagePartition                                                                                                                                                                                                                            fffff800ef8a1d70 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwMapCMFModule                                                                                                                                                                                                                               fffff800ef6faf24 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwMapUserPhysicalPages                                                                                                                                                                                                                       fffff800ef8a46e8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwMapUserPhysicalPagesScatter                                                                                                                                                                                                                fffff800ef8a4b30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwMapViewOfSection                                                                                                                                                                                                                           fffff800ef649cf0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwModifyBootEntry                                                                                                                                                                                                                            fffff800ef8ed644 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwModifyDriverEntry                                                                                                                                                                                                                          fffff800ef8ed660 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwNotifyChangeDirectoryFile                                                                                                                                                                                                                  fffff800ef72a96c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwNotifyChangeKey                                                                                                                                                                                                                            fffff800ef6b394c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwNotifyChangeMultipleKeys                                                                                                                                                                                                                   fffff800ef6b39b4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwNotifyChangeSession                                                                                                                                                                                                                        fffff800ef711a04 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenDirectoryObject                                                                                                                                                                                                                        fffff800ef68eb90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenEnlistment                                                                                                                                                                                                                             fffff800ef27e068 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwOpenEvent                                                                                                                                                                                                                                  fffff800ef68e404 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenEventPair                                                                                                                                                                                                                              fffff800ef7c2a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenFile                                                                                                                                                                                                                                   fffff800ef68f348 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenIoCompletion                                                                                                                                                                                                                           fffff800ef877504 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenJobObject                                                                                                                                                                                                                              fffff800ef8bdec0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenKey                                                                                                                                                                                                                                    fffff800ef68f4d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenKeyEx                                                                                                                                                                                                                                  fffff800ef68ff34 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenKeyTransacted                                                                                                                                                                                                                          fffff800ef858f14 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenKeyTransactedEx                                                                                                                                                                                                                        fffff800ef70744c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenKeyedEvent                                                                                                                                                                                                                             fffff800ef8f1ab8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenMutant                                                                                                                                                                                                                                 fffff800ef68ea08 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenObjectAuditAlarm                                                                                                                                                                                                                       fffff800ef708ea4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenPartition                                                                                                                                                                                                                              fffff800ef8a1dd8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenPrivateNamespace                                                                                                                                                                                                                       fffff800ef6f9e4c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenProcess                                                                                                                                                                                                                                fffff800ef69bd90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenProcessToken                                                                                                                                                                                                                           fffff800ef69b71c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenProcessTokenEx                                                                                                                                                                                                                         fffff800ef69b730 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenResourceManager                                                                                                                                                                                                                        fffff800ef27e070 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwOpenSection                                                                                                                                                                                                                                fffff800ef68ec10 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenSemaphore                                                                                                                                                                                                                              fffff800ef705f78 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenSession                                                                                                                                                                                                                                fffff800ef7654a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenSymbolicLinkObject                                                                                                                                                                                                                     fffff800ef68e384 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenThread                                                                                                                                                                                                                                 fffff800ef69b388 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenThreadToken                                                                                                                                                                                                                            fffff800ef65af68 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenThreadTokenEx                                                                                                                                                                                                                          fffff800ef65af80 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenTimer                                                                                                                                                                                                                                  fffff800ef8e8df8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwOpenTransaction                                                                                                                                                                                                                            fffff800ef27e078 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwOpenTransactionManager                                                                                                                                                                                                                     fffff800ef27e080 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwPlugPlayControl                                                                                                                                                                                                                            fffff800ef73dd54 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwPowerInformation                                                                                                                                                                                                                           fffff800ef731334 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwPrePrepareComplete                                                                                                                                                                                                                         fffff800ef27e088 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwPrePrepareEnlistment                                                                                                                                                                                                                       fffff800ef27e090 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwPrepareComplete                                                                                                                                                                                                                            fffff800ef27e098 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwPrepareEnlistment                                                                                                                                                                                                                          fffff800ef27e0a0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwPrivilegeCheck                                                                                                                                                                                                                             fffff800ef6a3a34 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwPrivilegeObjectAuditAlarm                                                                                                                                                                                                                  fffff800ef77cff0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwPrivilegedServiceAuditAlarm                                                                                                                                                                                                                fffff800ef7099ec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwPropagationComplete                                                                                                                                                                                                                        fffff800ef27e0a8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwPropagationFailed                                                                                                                                                                                                                          fffff800ef27e0b0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwProtectVirtualMemory                                                                                                                                                                                                                       fffff800ef64c4f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwPulseEvent                                                                                                                                                                                                                                 fffff800ef643774 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryAttributesFile                                                                                                                                                                                                                        fffff800ef68f150 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryBootEntryOrder                                                                                                                                                                                                                        fffff800ef8ed67c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryBootOptions                                                                                                                                                                                                                           fffff800ef8ed8e4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryDebugFilterState                                                                                                                                                                                                                      fffff800ef353ed0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryDefaultLocale                                                                                                                                                                                                                         fffff800ef6fc440 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryDefaultUILanguage                                                                                                                                                                                                                     fffff800ef780f28 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryDirectoryFile                                                                                                                                                                                                                         fffff800ef67f8a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryDirectoryObject                                                                                                                                                                                                                       fffff800ef6814f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryDriverEntryOrder                                                                                                                                                                                                                      fffff800ef8edbd8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryEaFile                                                                                                                                                                                                                                fffff800ef72aeac \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryEvent                                                                                                                                                                                                                                 fffff800ef6f292c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryFullAttributesFile                                                                                                                                                                                                                    fffff800ef68ee80 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationAtom                                                                                                                                                                                                                       fffff800ef6c350c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationEnlistment                                                                                                                                                                                                                 fffff800ef27e0b8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryInformationFile                                                                                                                                                                                                                       fffff800ef666c70 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationJobObject                                                                                                                                                                                                                  fffff800ef687880 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationPort                                                                                                                                                                                                                       fffff800ef89c630 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationProcess                                                                                                                                                                                                                    fffff800ef689b30 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationResourceManager                                                                                                                                                                                                            fffff800ef27e0c0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryInformationThread                                                                                                                                                                                                                     fffff800ef689040 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationToken                                                                                                                                                                                                                      fffff800ef6725d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryInformationTransaction                                                                                                                                                                                                                fffff800ef27e0c8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryInformationTransactionManager                                                                                                                                                                                                         fffff800ef27e0d0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryInformationWorkerFactory                                                                                                                                                                                                              fffff800ef48d3d4 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryInstallUILanguage                                                                                                                                                                                                                     fffff800ef705754 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryIntervalProfile                                                                                                                                                                                                                       fffff800ef75739c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryIoCompletion                                                                                                                                                                                                                          fffff800ef877614 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryKey                                                                                                                                                                                                                                   fffff800ef65c890 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryLicenseValue                                                                                                                                                                                                                          fffff800ef6d85cc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryMultipleValueKey                                                                                                                                                                                                                      fffff800ef705854 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryMutant                                                                                                                                                                                                                                fffff800ef70aba4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryObject                                                                                                                                                                                                                                fffff800ef6dd780 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryOpenSubKeys                                                                                                                                                                                                                           fffff800ef858ff4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryOpenSubKeysEx                                                                                                                                                                                                                         fffff800ef8591a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryPerformanceCounter                                                                                                                                                                                                                    fffff800ef6eb3e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryPortInformationProcess                                                                                                                                                                                                                fffff800ef8bb0f4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryQuotaInformationFile                                                                                                                                                                                                                  fffff800ef878aa0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySection                                                                                                                                                                                                                               fffff800ef6c2258 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySecurityAttributesToken                                                                                                                                                                                                               fffff800ef674ab0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySecurityObject                                                                                                                                                                                                                        fffff800ef68ddc0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySemaphore                                                                                                                                                                                                                             fffff800ef70bb64 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySymbolicLinkObject                                                                                                                                                                                                                    fffff800ef6ecdf8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySystemEnvironmentValue                                                                                                                                                                                                                fffff800ef8edee8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySystemEnvironmentValueEx                                                                                                                                                                                                              fffff800ef780270 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySystemInformation                                                                                                                                                                                                                     fffff800ef662c90 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySystemInformationEx                                                                                                                                                                                                                   fffff800ef6fd75c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQuerySystemTime                                                                                                                                                                                                                            fffff800ef2d9350 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwQueryTimer                                                                                                                                                                                                                                 fffff800ef8e8e9c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryTimerResolution                                                                                                                                                                                                                       fffff800ef70cdf8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryValueKey                                                                                                                                                                                                                              fffff800ef65d0c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryVirtualMemory                                                                                                                                                                                                                         fffff800ef65a39c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryVolumeInformationFile                                                                                                                                                                                                                 fffff800ef68d510 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryWnfStateData                                                                                                                                                                                                                          fffff800ef69ee8c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueryWnfStateNameInformation                                                                                                                                                                                                               fffff800ef704f98 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueueApcThread                                                                                                                                                                                                                             fffff800ef7008c8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwQueueApcThreadEx                                                                                                                                                                                                                           fffff800ef7008f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRaiseException                                                                                                                                                                                                                             fffff800ef3bf850 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRaiseHardError                                                                                                                                                                                                                             fffff800ef8ef7ec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReadFile                                                                                                                                                                                                                                   fffff800ef67efd0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReadFileScatter                                                                                                                                                                                                                            fffff800ef70b08c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReadOnlyEnlistment                                                                                                                                                                                                                         fffff800ef27e0d8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwReadRequestData                                                                                                                                                                                                                            fffff800ef89c6ec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReadVirtualMemory                                                                                                                                                                                                                          fffff800ef649188 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRecoverEnlistment                                                                                                                                                                                                                          fffff800ef27e0e0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRecoverResourceManager                                                                                                                                                                                                                     fffff800ef27e0e8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRecoverTransactionManager                                                                                                                                                                                                                  fffff800ef27e0f0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRegisterProtocolAddressInformation                                                                                                                                                                                                         fffff800ef27e238 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRegisterThreadTerminatePort                                                                                                                                                                                                                fffff800ef71247c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReleaseKeyedEvent                                                                                                                                                                                                                          fffff800ef70ad00 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReleaseMutant                                                                                                                                                                                                                              fffff800ef6e0860 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReleaseSemaphore                                                                                                                                                                                                                           fffff800ef6ea5a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReleaseWorkerFactoryWorker                                                                                                                                                                                                                 fffff800ef32ed70 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRemoveIoCompletion                                                                                                                                                                                                                         fffff800ef6ddf20 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRemoveIoCompletionEx                                                                                                                                                                                                                       fffff800ef6ff1d8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRemoveProcessDebug                                                                                                                                                                                                                         fffff800ef86d3d8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRenameKey                                                                                                                                                                                                                                  fffff800ef859468 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRenameTransactionManager                                                                                                                                                                                                                   fffff800ef27e240 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwReplaceKey                                                                                                                                                                                                                                 fffff800ef8598b0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReplacePartitionUnit                                                                                                                                                                                                                       fffff800ef49a0e8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwReplyPort                                                                                                                                                                                                                                  fffff800ef728120 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReplyWaitReceivePort                                                                                                                                                                                                                       fffff800ef6986a8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReplyWaitReceivePortEx                                                                                                                                                                                                                     fffff800ef698550 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwReplyWaitReplyPort                                                                                                                                                                                                                         fffff800ef89c73c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRequestPort                                                                                                                                                                                                                                fffff800ef70ec88 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRequestWaitReplyPort                                                                                                                                                                                                                       fffff800ef717168 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwResetEvent                                                                                                                                                                                                                                 fffff800ef6b38b0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwResetWriteWatch                                                                                                                                                                                                                            fffff800ef2ad7f0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRestoreKey                                                                                                                                                                                                                                 fffff800ef859b18 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwResumeProcess                                                                                                                                                                                                                              fffff800ef78dfa4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwResumeThread                                                                                                                                                                                                                               fffff800ef6f2824 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwRevertContainerImpersonation                                                                                                                                                                                                               fffff800ef46d4c8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRollbackComplete                                                                                                                                                                                                                           fffff800ef27e0f8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRollbackEnlistment                                                                                                                                                                                                                         fffff800ef27e100 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRollbackTransaction                                                                                                                                                                                                                        fffff800ef27e108 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwRollforwardTransactionManager                                                                                                                                                                                                              fffff800ef27e248 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSaveKey                                                                                                                                                                                                                                    fffff800ef859dac \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSaveKeyEx                                                                                                                                                                                                                                  fffff800ef859fec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSaveMergedKeys                                                                                                                                                                                                                             fffff800ef85a28c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSecureConnectPort                                                                                                                                                                                                                          fffff800ef721494 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSerializeBoot                                                                                                                                                                                                                              fffff800ef7bd59c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetBootEntryOrder                                                                                                                                                                                                                          fffff800ef8ee218 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetBootOptions                                                                                                                                                                                                                             fffff800ef8ee40c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetCachedSigningLevel                                                                                                                                                                                                                      fffff800ef62f2e4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetContextThread                                                                                                                                                                                                                           fffff800ef8bdd94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetDebugFilterState                                                                                                                                                                                                                        fffff800ef791864 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetDefaultHardErrorPort                                                                                                                                                                                                                    fffff800ef7bd714 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetDefaultLocale                                                                                                                                                                                                                           fffff800ef7807a4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetDefaultUILanguage                                                                                                                                                                                                                       fffff800ef7809c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetDriverEntryOrder                                                                                                                                                                                                                        fffff800ef8ee600 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetEaFile                                                                                                                                                                                                                                  fffff800ef8784a8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetEvent                                                                                                                                                                                                                                   fffff800ef672500 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetEventBoostPriority                                                                                                                                                                                                                      fffff800ef8e8ff8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetHighEventPair                                                                                                                                                                                                                           fffff800ef7c2a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetHighWaitLowEventPair                                                                                                                                                                                                                    fffff800ef7c2a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetIRTimer                                                                                                                                                                                                                                 fffff800ef362708 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSetInformationDebugObject                                                                                                                                                                                                                  fffff800ef86d520 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetInformationEnlistment                                                                                                                                                                                                                   fffff800ef27e110 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSetInformationFile                                                                                                                                                                                                                         fffff800ef2fc2c0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSetInformationJobObject                                                                                                                                                                                                                    fffff800ef6cd07c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetInformationKey                                                                                                                                                                                                                          fffff800ef67e020 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetInformationObject                                                                                                                                                                                                                       fffff800ef6dd3f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetInformationProcess                                                                                                                                                                                                                      fffff800ef6aa190 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetInformationResourceManager                                                                                                                                                                                                              fffff800ef27e118 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSetInformationSymbolicLink                                                                                                                                                                                                                 fffff800ef8a981c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetInformationThread                                                                                                                                                                                                                       fffff800ef690cc0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetInformationToken                                                                                                                                                                                                                        fffff800ef6d40c4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetInformationTransaction                                                                                                                                                                                                                  fffff800ef27e120 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSetInformationTransactionManager                                                                                                                                                                                                           fffff800ef27e250 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSetInformationVirtualMemory                                                                                                                                                                                                                fffff800ef6defe0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetInformationWorkerFactory                                                                                                                                                                                                                fffff800ef32f7c0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSetIntervalProfile                                                                                                                                                                                                                         fffff800ef75743c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetIoCompletion                                                                                                                                                                                                                            fffff800ef6c08fc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetIoCompletionEx                                                                                                                                                                                                                          fffff800ef62eeb4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetLdtEntries                                                                                                                                                                                                                              fffff800ef3adc84 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSetLowEventPair                                                                                                                                                                                                                            fffff800ef7c2a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetLowWaitHighEventPair                                                                                                                                                                                                                    fffff800ef7c2a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetQuotaInformationFile                                                                                                                                                                                                                    fffff800ef8791dc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetSecurityObject                                                                                                                                                                                                                          fffff800ef7198e0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetSystemEnvironmentValue                                                                                                                                                                                                                  fffff800ef8ee7f4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetSystemEnvironmentValueEx                                                                                                                                                                                                                fffff800ef8eeb28 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetSystemInformation                                                                                                                                                                                                                       fffff800ef6344dc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetSystemPowerState                                                                                                                                                                                                                        fffff800ef617ab0 \SystemRoot\system32\ntoskrnl.exe [PAGELK]
SSDT     ZwSetSystemTime                                                                                                                                                                                                                              fffff800ef8e6640 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetThreadExecutionState                                                                                                                                                                                                                    fffff800ef764458 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetTimer                                                                                                                                                                                                                                   fffff800ef372530 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSetTimer2                                                                                                                                                                                                                                  fffff800ef296864 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSetTimerEx                                                                                                                                                                                                                                 fffff800ef2efa28 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSetTimerResolution                                                                                                                                                                                                                         fffff800ef6f75f8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetUuidSeed                                                                                                                                                                                                                                fffff800ef7b6ae8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetValueKey                                                                                                                                                                                                                                fffff800ef6b4ca0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetVolumeInformationFile                                                                                                                                                                                                                   fffff800ef764f14 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSetWnfProcessNotificationEvent                                                                                                                                                                                                             fffff800ef701f28 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwShutdownSystem                                                                                                                                                                                                                             fffff800ef8e867c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwShutdownWorkerFactory                                                                                                                                                                                                                      fffff800ef35c23c \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSignalAndWaitForSingleObject                                                                                                                                                                                                               fffff800ef45dd3c \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwSinglePhaseReject                                                                                                                                                                                                                          fffff800ef27e258 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwStartProfile                                                                                                                                                                                                                               fffff800ef8f1778 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwStopProfile                                                                                                                                                                                                                                fffff800ef8f19d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSubscribeWnfStateChange                                                                                                                                                                                                                    fffff800ef6a0410 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSuspendProcess                                                                                                                                                                                                                             fffff800ef78c4dc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSuspendThread                                                                                                                                                                                                                              fffff800ef6ff4d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwSystemDebugControl                                                                                                                                                                                                                         fffff800ef8f313c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwTerminateJobObject                                                                                                                                                                                                                         fffff800ef6d03e8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwTerminateProcess                                                                                                                                                                                                                           fffff800ef6fe214 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwTerminateThread                                                                                                                                                                                                                            fffff800ef63be1c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwTestAlert                                                                                                                                                                                                                                  fffff800ef685180 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwThawRegistry                                                                                                                                                                                                                               fffff800ef39ad64 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwThawTransactions                                                                                                                                                                                                                           fffff800ef27e128 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwTraceControl                                                                                                                                                                                                                               fffff800ef678350 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwTraceEvent                                                                                                                                                                                                                                 fffff800ef2faf20 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwTranslateFilePath                                                                                                                                                                                                                          fffff800ef8eed94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwUmsThreadYield                                                                                                                                                                                                                             fffff800ef8987e8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwUnloadDriver                                                                                                                                                                                                                               fffff800ef78e90c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwUnloadKey                                                                                                                                                                                                                                  fffff800ef7bee38 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwUnloadKey2                                                                                                                                                                                                                                 fffff800ef77de98 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwUnloadKeyEx                                                                                                                                                                                                                                fffff800ef754aec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwUnlockFile                                                                                                                                                                                                                                 fffff800ef6f8254 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwUnlockVirtualMemory                                                                                                                                                                                                                        fffff800ef3352d0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwUnmapViewOfSection                                                                                                                                                                                                                         fffff800ef7015ec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwUnmapViewOfSectionEx                                                                                                                                                                                                                       fffff800ef649bf0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwUnsubscribeWnfStateChange                                                                                                                                                                                                                  fffff800ef6ef73c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwUpdateWnfStateData                                                                                                                                                                                                                         fffff800ef6a0acc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwVdmControl                                                                                                                                                                                                                                 fffff800ef7c2a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwWaitForAlertByThreadId                                                                                                                                                                                                                     fffff800ef6812c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwWaitForDebugEvent                                                                                                                                                                                                                          fffff800ef86d68c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwWaitForKeyedEvent                                                                                                                                                                                                                          fffff800ef70aeb0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwWaitForMultipleObjects                                                                                                                                                                                                                     fffff800ef6dd2c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwWaitForMultipleObjects32                                                                                                                                                                                                                   fffff800ef6df7f0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwWaitForSingleObject                                                                                                                                                                                                                        fffff800ef670500 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwWaitForWorkViaWorkerFactory                                                                                                                                                                                                                fffff800ef2d1540 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwWaitHighEventPair                                                                                                                                                                                                                          fffff800ef7c2a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwWaitLowEventPair                                                                                                                                                                                                                           fffff800ef7c2a94 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwWorkerFactoryWorkerReady                                                                                                                                                                                                                   fffff800ef353f1c \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT     ZwWriteFile                                                                                                                                                                                                                                  fffff800ef680420 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwWriteFileGather                                                                                                                                                                                                                            fffff800ef72cdb0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwWriteRequestData                                                                                                                                                                                                                           fffff800ef89c7dc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwWriteVirtualMemory                                                                                                                                                                                                                         fffff800ef704360 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT     ZwYieldExecution                                                                                                                                                                                                                             fffff800ef2ee3f0 \SystemRoot\system32\ntoskrnl.exe [.text]
         
]

Alt 09.03.2016, 11:50   #11
dennissteins
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



GMER 1 TEIL 3


Code:
ATTFilter
---- Modules - GMER 2.1 ----

Module   \SystemRoot\system32\ntoskrnl.exe                                                                                                                                                                                                            fffff800ef27d000-fffff800efa49000 (8175616 bytes)
Module   \SystemRoot\system32\hal.dll                                                                                                                                                                                                                 fffff800ef20a000-fffff800ef27d000 (471040 bytes)
Module   \SystemRoot\system32\kd.dll                                                                                                                                                                                                                  fffff800ee28b000-fffff800ee296000 (45056 bytes)
Module   \SystemRoot\system32\mcupdate_GenuineIntel.dll                                                                                                                                                                                               fffff800bc1a0000-fffff800bc22e000 (581632 bytes)
Module   \SystemRoot\System32\drivers\werkernel.sys                                                                                                                                                                                                   fffff800bc230000-fffff800bc240000 (65536 bytes)
Module   \SystemRoot\System32\drivers\CLFS.SYS                                                                                                                                                                                                        fffff800bc240000-fffff800bc2a5000 (413696 bytes)
Module   \SystemRoot\System32\drivers\tm.sys                                                                                                                                                                                                          fffff800bc2b0000-fffff800bc2d5000 (151552 bytes)
Module   \SystemRoot\system32\PSHED.dll                                                                                                                                                                                                               fffff800bc2e0000-fffff800bc2f7000 (94208 bytes)
Module   \SystemRoot\system32\BOOTVID.dll                                                                                                                                                                                                             fffff800bc300000-fffff800bc30b000 (45056 bytes)
Module   \SystemRoot\System32\drivers\cmimcext.sys                                                                                                                                                                                                    fffff800bc310000-fffff800bc31e000 (57344 bytes)
Module   \SystemRoot\System32\drivers\ntosext.sys                                                                                                                                                                                                     fffff800bc320000-fffff800bc32c000 (49152 bytes)
Module   \SystemRoot\system32\CI.dll                                                                                                                                                                                                                  fffff800bc330000-fffff800bc3c9000 (626688 bytes)
Module   \SystemRoot\System32\drivers\msrpc.sys                                                                                                                                                                                                       fffff800bbe00000-fffff800bbe5c000 (376832 bytes)
Module   \SystemRoot\System32\drivers\FLTMGR.SYS                                                                                                                                                                                                      fffff800bbe60000-fffff800bbec2000 (401408 bytes)
Module   \SystemRoot\System32\drivers\ksecdd.sys                                                                                                                                                                                                      fffff800bbed0000-fffff800bbef5000 (151552 bytes)
Module   \SystemRoot\System32\drivers\clipsp.sys                                                                                                                                                                                                      fffff800bbf00000-fffff800bbfa5000 (675840 bytes)
Module   \SystemRoot\system32\drivers\Wdf01000.sys                                                                                                                                                                                                    fffff800bbfb0000-fffff800bc075000 (806912 bytes)
Module   \SystemRoot\system32\drivers\WDFLDR.SYS                                                                                                                                                                                                      fffff800bc080000-fffff800bc093000 (77824 bytes)
Module   \SystemRoot\System32\Drivers\acpiex.sys                                                                                                                                                                                                      fffff800bc0a0000-fffff800bc0c3000 (143360 bytes)
Module   \SystemRoot\System32\Drivers\WppRecorder.sys                                                                                                                                                                                                 fffff800bc0d0000-fffff800bc0dd000 (53248 bytes)
Module   \SystemRoot\System32\Drivers\cng.sys                                                                                                                                                                                                         fffff800bc0e0000-fffff800bc178000 (622592 bytes)
Module   \SystemRoot\System32\drivers\ACPI.sys                                                                                                                                                                                                        fffff800bd100000-fffff800bd190000 (589824 bytes)
Module   \SystemRoot\System32\drivers\WMILIB.SYS                                                                                                                                                                                                      fffff800bd190000-fffff800bd19c000 (49152 bytes)
Module   \SystemRoot\System32\drivers\msisadrv.sys                                                                                                                                                                                                    fffff800bd1a0000-fffff800bd1ab000 (45056 bytes)
Module   \SystemRoot\System32\drivers\pci.sys                                                                                                                                                                                                         fffff800bc400000-fffff800bc456000 (352256 bytes)
Module   \SystemRoot\System32\drivers\tpm.sys                                                                                                                                                                                                         fffff800bc460000-fffff800bc498000 (229376 bytes)
Module   \SystemRoot\system32\drivers\WindowsTrustedRT.sys                                                                                                                                                                                            fffff800bc4b0000-fffff800bc4cf000 (126976 bytes)
Module   \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys                                                                                                                                                                                       fffff800bc4d0000-fffff800bc4db000 (45056 bytes)
Module   \SystemRoot\System32\drivers\pcw.sys                                                                                                                                                                                                         fffff800bc4e0000-fffff800bc4f2000 (73728 bytes)
Module   \SystemRoot\System32\drivers\vdrvroot.sys                                                                                                                                                                                                    fffff800bc500000-fffff800bc512000 (73728 bytes)
Module   \SystemRoot\system32\drivers\pdc.sys                                                                                                                                                                                                         fffff800bc520000-fffff800bc53e000 (122880 bytes)
Module   \SystemRoot\system32\drivers\CEA.sys                                                                                                                                                                                                         fffff800bc540000-fffff800bc559000 (102400 bytes)
Module   \SystemRoot\System32\drivers\partmgr.sys                                                                                                                                                                                                     fffff800bc560000-fffff800bc582000 (139264 bytes)
Module   \SystemRoot\System32\drivers\spaceport.sys                                                                                                                                                                                                   fffff800bc590000-fffff800bc616000 (548864 bytes)
Module   \SystemRoot\System32\drivers\volmgr.sys                                                                                                                                                                                                      fffff800bc620000-fffff800bc638000 (98304 bytes)
Module   \SystemRoot\System32\drivers\volmgrx.sys                                                                                                                                                                                                     fffff800bc640000-fffff800bc69e000 (385024 bytes)
Module   \SystemRoot\System32\drivers\mountmgr.sys                                                                                                                                                                                                    fffff800bc6a0000-fffff800bc6bd000 (118784 bytes)
Module   \SystemRoot\System32\drivers\storahci.sys                                                                                                                                                                                                    fffff800bc6c0000-fffff800bc6e5000 (151552 bytes)
Module   \SystemRoot\System32\drivers\storport.sys                                                                                                                                                                                                    fffff800bc6f0000-fffff800bc768000 (491520 bytes)
Module   \SystemRoot\System32\drivers\fileinfo.sys                                                                                                                                                                                                    fffff800bc790000-fffff800bc7a9000 (102400 bytes)
Module   \SystemRoot\System32\Drivers\Wof.sys                                                                                                                                                                                                         fffff800bc7b0000-fffff800bc7e8000 (229376 bytes)
Module   \SystemRoot\system32\drivers\WdFilter.sys                                                                                                                                                                                                    fffff800bc7f0000-fffff800bc83c000 (311296 bytes)
Module   \SystemRoot\System32\Drivers\NTFS.sys                                                                                                                                                                                                        fffff800bc840000-fffff800bca58000 (2195456 bytes)
Module   \SystemRoot\System32\Drivers\Fs_Rec.sys                                                                                                                                                                                                      fffff800bca60000-fffff800bca6d000 (53248 bytes)
Module   \SystemRoot\system32\drivers\ndis.sys                                                                                                                                                                                                        fffff800bca70000-fffff800bcb90000 (1179648 bytes)
Module   \SystemRoot\system32\drivers\NETIO.SYS                                                                                                                                                                                                       fffff800bcb90000-fffff800bcc08000 (491520 bytes)
Module   \SystemRoot\System32\Drivers\ksecpkg.sys                                                                                                                                                                                                     fffff800bcc10000-fffff800bcc3e000 (188416 bytes)
Module   \SystemRoot\System32\drivers\tcpip.sys                                                                                                                                                                                                       fffff800bcc40000-fffff800bce97000 (2453504 bytes)
Module   \SystemRoot\System32\drivers\fwpkclnt.sys                                                                                                                                                                                                    fffff800bcea0000-fffff800bcf07000 (421888 bytes)
Module   \SystemRoot\System32\drivers\wfplwfs.sys                                                                                                                                                                                                     fffff800bcf10000-fffff800bcf3a000 (172032 bytes)
Module   \SystemRoot\system32\drivers\NISx64\1605040.018\SYMEFASI64.SYS                                                                                                                                                                               fffff800bcf40000-fffff800bd0d1000 (1642496 bytes)
Module   \SystemRoot\System32\DRIVERS\fvevol.sys                                                                                                                                                                                                      fffff800bd970000-fffff800bda11000 (659456 bytes)
Module   \SystemRoot\System32\drivers\volsnap.sys                                                                                                                                                                                                     fffff800bda20000-fffff800bda89000 (430080 bytes)
Module   \SystemRoot\System32\drivers\rdyboost.sys                                                                                                                                                                                                    fffff800bda90000-fffff800bdad4000 (278528 bytes)
Module   \SystemRoot\System32\Drivers\mup.sys                                                                                                                                                                                                         fffff800bdae0000-fffff800bdb05000 (151552 bytes)
Module   \SystemRoot\System32\drivers\disk.sys                                                                                                                                                                                                        fffff800bdb20000-fffff800bdb3f000 (126976 bytes)
Module   \SystemRoot\System32\drivers\CLASSPNP.SYS                                                                                                                                                                                                    fffff800bdb40000-fffff800bdba0000 (393216 bytes)
Module   \SystemRoot\System32\Drivers\crashdmp.sys                                                                                                                                                                                                    fffff800bdbc0000-fffff800bdbd9000 (102400 bytes)
Module   \SystemRoot\System32\drivers\cdrom.sys                                                                                                                                                                                                       fffff800bd2a0000-fffff800bd2d1000 (200704 bytes)
Module   \SystemRoot\system32\drivers\NISx64\1605040.018\ccSetx64.sys                                                                                                                                                                                 fffff800bd2e0000-fffff800bd30c000 (180224 bytes)
Module   \??\C:\Windows\SysWOW64\Drivers\Symantec.cloud\ccSetx64.sys                                                                                                                                                                                  fffff800bd310000-fffff800bd33e000 (188416 bytes)
Module   \SystemRoot\system32\drivers\filecrypt.sys                                                                                                                                                                                                   fffff800bd340000-fffff800bd35d000 (118784 bytes)
Module   \SystemRoot\system32\drivers\tbs.sys                                                                                                                                                                                                         fffff800bd360000-fffff800bd36c000 (49152 bytes)
Module   \SystemRoot\system32\drivers\NISx64\1605040.018\Ironx64.SYS                                                                                                                                                                                  fffff800bd370000-fffff800bd3b8000 (294912 bytes)
Module   \SystemRoot\System32\Drivers\Null.SYS                                                                                                                                                                                                        fffff800bd3c0000-fffff800bd3ca000 (40960 bytes)
Module   \SystemRoot\System32\Drivers\Beep.SYS                                                                                                                                                                                                        fffff800bd3d0000-fffff800bd3da000 (40960 bytes)
Module   \SystemRoot\System32\drivers\BasicDisplay.sys                                                                                                                                                                                                fffff800bd3e0000-fffff800bd3f4000 (81920 bytes)
Module   \SystemRoot\System32\drivers\watchdog.sys                                                                                                                                                                                                    fffff800bd400000-fffff800bd415000 (86016 bytes)
Module   \SystemRoot\System32\drivers\dxgkrnl.sys                                                                                                                                                                                                     fffff800bd420000-fffff800bd60d000 (2019328 bytes)
Module   \SystemRoot\System32\drivers\BasicRender.sys                                                                                                                                                                                                 fffff800bd610000-fffff800bd622000 (73728 bytes)
Module   \SystemRoot\System32\Drivers\Npfs.SYS                                                                                                                                                                                                        fffff800bd630000-fffff800bd649000 (102400 bytes)
Module   \SystemRoot\System32\Drivers\Msfs.SYS                                                                                                                                                                                                        fffff800bd650000-fffff800bd65f000 (61440 bytes)
Module   \SystemRoot\system32\DRIVERS\tdx.sys                                                                                                                                                                                                         fffff800bd660000-fffff800bd683000 (143360 bytes)
Module   \SystemRoot\system32\DRIVERS\TDI.SYS                                                                                                                                                                                                         fffff800bd690000-fffff800bd69f000 (61440 bytes)
Module   \SystemRoot\System32\DRIVERS\netbt.sys                                                                                                                                                                                                       fffff800bd6a0000-fffff800bd6eb000 (307200 bytes)
Module   \SystemRoot\system32\drivers\afd.sys                                                                                                                                                                                                         fffff800bd6f0000-fffff800bd783000 (602112 bytes)
Module   \SystemRoot\System32\drivers\vwififlt.sys                                                                                                                                                                                                    fffff800bd790000-fffff800bd7a9000 (102400 bytes)
Module   \SystemRoot\System32\drivers\pacer.sys                                                                                                                                                                                                       fffff800bd7b0000-fffff800bd7db000 (176128 bytes)
Module   \SystemRoot\system32\drivers\netbios.sys                                                                                                                                                                                                     fffff800bd7e0000-fffff800bd7f2000 (73728 bytes)
Module   \SystemRoot\system32\DRIVERS\rdbss.sys                                                                                                                                                                                                       fffff800bd800000-fffff800bd871000 (462848 bytes)
Module   \SystemRoot\system32\drivers\csc.sys                                                                                                                                                                                                         fffff800bd880000-fffff800bd90e000 (581632 bytes)
Module   \SystemRoot\system32\drivers\NISx64\1605040.018\SYMNETS.SYS                                                                                                                                                                                  fffff800bde20000-fffff800bdeaf000 (585728 bytes)
Module   \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS                                                                                                                                                                                            fffff800bdeb0000-fffff800bded5000 (151552 bytes)
Module   \SystemRoot\system32\drivers\NISx64\1605040.018\SRTSPX64.SYS                                                                                                                                                                                 fffff800bdee0000-fffff800bdef6000 (90112 bytes)
Module   \SystemRoot\system32\drivers\nsiproxy.sys                                                                                                                                                                                                    fffff800bdf00000-fffff800bdf10000 (65536 bytes)
Module   \SystemRoot\System32\drivers\npsvctrig.sys                                                                                                                                                                                                   fffff800bdf10000-fffff800bdf1d000 (53248 bytes)
Module   \SystemRoot\System32\drivers\mssmbios.sys                                                                                                                                                                                                    fffff800bdf20000-fffff800bdf30000 (65536 bytes)
Module   \??\C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.5.4.24\Definitions\IPSDefs\20160304.001\IDSvia64.sys                                                                                                               fffff800bdf30000-fffff800bdfee000 (778240 bytes)
Module   \SystemRoot\System32\drivers\gpuenergydrv.sys                                                                                                                                                                                                fffff800bdff0000-fffff800bdffa000 (40960 bytes)
Module   \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys                                                                                                                                                                 fffff800be640000-fffff800be6bb000 (503808 bytes)
Module   \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys                                                                                                                                                      fffff800be6c0000-fffff800be6e8000 (163840 bytes)
Module   \SystemRoot\System32\Drivers\dfsc.sys                                                                                                                                                                                                        fffff800be6f0000-fffff800be71a000 (172032 bytes)
Module   \??\C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.5.4.24\Definitions\BASHDefs\20160213.003\BHDrvx64.sys                                                                                                              fffff800be000000-fffff800be197000 (1667072 bytes)
Module   \SystemRoot\system32\DRIVERS\ahcache.sys                                                                                                                                                                                                     fffff800be1a0000-fffff800be1dc000 (245760 bytes)
Module   \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys                                                                                                                                     fffff800be1e0000-fffff800be1f1000 (69632 bytes)
Module   \SystemRoot\System32\drivers\kdnic.sys                                                                                                                                                                                                       fffff800be200000-fffff800be20d000 (53248 bytes)
Module   \SystemRoot\System32\drivers\umbus.sys                                                                                                                                                                                                       fffff800be210000-fffff800be225000 (86016 bytes)
Module   \SystemRoot\system32\DRIVERS\igdkmd64.sys                                                                                                                                                                                                    fffff800bf820000-fffff800bfe66000 (6578176 bytes)
Module   \SystemRoot\System32\drivers\USBXHCI.SYS                                                                                                                                                                                                     fffff800bfe70000-fffff800bfed1000 (397312 bytes)
Module   \SystemRoot\system32\drivers\ucx01000.sys                                                                                                                                                                                                    fffff800bfee0000-fffff800bff18000 (229376 bytes)
Module   \SystemRoot\System32\drivers\TeeDriverW8x64.sys                                                                                                                                                                                              fffff800bff20000-fffff800bff50000 (196608 bytes)
Module   \SystemRoot\System32\drivers\usbehci.sys                                                                                                                                                                                                     fffff800bff50000-fffff800bff6c000 (114688 bytes)
Module   \SystemRoot\System32\drivers\USBPORT.SYS                                                                                                                                                                                                     fffff800bff70000-fffff800bffe5000 (479232 bytes)
Module   \SystemRoot\System32\drivers\HDAudBus.sys                                                                                                                                                                                                    fffff800bf000000-fffff800bf01a000 (106496 bytes)
Module   \SystemRoot\System32\drivers\portcls.sys                                                                                                                                                                                                     fffff800bf020000-fffff800bf078000 (360448 bytes)
Module   \SystemRoot\System32\drivers\drmk.sys                                                                                                                                                                                                        fffff800bf080000-fffff800bf0a1000 (135168 bytes)
Module   \SystemRoot\System32\drivers\ks.sys                                                                                                                                                                                                          fffff800bf0b0000-fffff800bf118000 (425984 bytes)
Module   \SystemRoot\System32\drivers\rt640x64.sys                                                                                                                                                                                                    fffff800bf120000-fffff800bf1f9000 (888832 bytes)
Module   \SystemRoot\System32\Drivers\fastfat.SYS                                                                                                                                                                                                     fffff800bf200000-fffff800bf256000 (352256 bytes)
Module   \SystemRoot\System32\drivers\intelppm.sys                                                                                                                                                                                                    fffff800bf260000-fffff800bf28b000 (176128 bytes)
Module   \SystemRoot\System32\drivers\acpipagr.sys                                                                                                                                                                                                    fffff800bf290000-fffff800bf29b000 (45056 bytes)
Module   \SystemRoot\System32\drivers\wmiacpi.sys                                                                                                                                                                                                     fffff800bf2a0000-fffff800bf2ac000 (49152 bytes)
Module   \SystemRoot\System32\drivers\NdisVirtualBus.sys                                                                                                                                                                                              fffff800bf2b0000-fffff800bf2bd000 (53248 bytes)
Module   \SystemRoot\System32\drivers\swenum.sys                                                                                                                                                                                                      fffff800bf2c0000-fffff800bf2cc000 (49152 bytes)
Module   \SystemRoot\System32\drivers\rdpbus.sys                                                                                                                                                                                                      fffff800bf2d0000-fffff800bf2de000 (57344 bytes)
Module   \SystemRoot\System32\drivers\usbhub.sys                                                                                                                                                                                                      fffff800bf2e0000-fffff800bf360000 (524288 bytes)
Module   \SystemRoot\System32\drivers\USBD.SYS                                                                                                                                                                                                        fffff800bf360000-fffff800bf36e000 (57344 bytes)
Module   \SystemRoot\System32\drivers\UsbHub3.sys                                                                                                                                                                                                     fffff800bf370000-fffff800bf3f7000 (552960 bytes)
Module   \SystemRoot\system32\drivers\RTKVHD64.sys                                                                                                                                                                                                    fffff800c07c0000-fffff800c0c3d000 (4706304 bytes)
Module   \SystemRoot\system32\drivers\ksthunk.sys                                                                                                                                                                                                     fffff800c0c40000-fffff800c0c4e000 (57344 bytes)
Module   \SystemRoot\System32\drivers\hidusb.sys                                                                                                                                                                                                      fffff800c0c50000-fffff800c0c61000 (69632 bytes)
Module   \SystemRoot\System32\drivers\HIDCLASS.SYS                                                                                                                                                                                                    fffff800c0c70000-fffff800c0c9e000 (188416 bytes)
Module   \SystemRoot\System32\drivers\HIDPARSE.SYS                                                                                                                                                                                                    fffff800c0ca0000-fffff800c0cb1000 (69632 bytes)
Module   \SystemRoot\System32\drivers\usbccgp.sys                                                                                                                                                                                                     fffff800c0cc0000-fffff800c0ceb000 (176128 bytes)
Module   \SystemRoot\System32\drivers\mouhid.sys                                                                                                                                                                                                      fffff800c0cf0000-fffff800c0cff000 (61440 bytes)
Module   \SystemRoot\System32\drivers\mouclass.sys                                                                                                                                                                                                    fffff800c0d00000-fffff800c0d12000 (73728 bytes)
Module   \SystemRoot\System32\drivers\kbdhid.sys                                                                                                                                                                                                      fffff800c0d20000-fffff800c0d30000 (65536 bytes)
Module   \SystemRoot\System32\drivers\kbdclass.sys                                                                                                                                                                                                    fffff800c0d30000-fffff800c0d43000 (77824 bytes)
Module   \SystemRoot\System32\Drivers\dump_diskdump.sys                                                                                                                                                                                               fffff800c0d60000-fffff800c0d6f000 (61440 bytes)
Module   \SystemRoot\System32\Drivers\dump_storahci.sys                                                                                                                                                                                               fffff800c0da0000-fffff800c0dc5000 (151552 bytes)
Module   \SystemRoot\System32\Drivers\dump_dumpfve.sys                                                                                                                                                                                                fffff800c0000000-fffff800c001c000 (114688 bytes)
Module   \SystemRoot\System32\win32k.sys                                                                                                                                                                                                              fffff960e7730000-fffff960e7753000 (143360 bytes)
Module   \SystemRoot\System32\win32kfull.sys                                                                                                                                                                                                          fffff960e6800000-fffff960e6b82000 (3678208 bytes)
Module   \SystemRoot\System32\win32kbase.sys                                                                                                                                                                                                          fffff960e6b90000-fffff960e6cf2000 (1449984 bytes)
Module   \SystemRoot\System32\drivers\dxgmms2.sys                                                                                                                                                                                                     fffff800c0520000-fffff800c05b2000 (598016 bytes)
Module   \SystemRoot\System32\drivers\monitor.sys                                                                                                                                                                                                     fffff800c05c0000-fffff800c05d0000 (65536 bytes)
Module   \SystemRoot\System32\TSDDD.dll                                                                                                                                                                                                               fffff960e6d10000-fffff960e6d1a000 (40960 bytes)
Module   \SystemRoot\System32\cdd.dll                                                                                                                                                                                                                 fffff960e6d20000-fffff960e6d5c000 (245760 bytes)
Module   \SystemRoot\system32\drivers\luafv.sys                                                                                                                                                                                                       fffff800c05d0000-fffff800c05f6000 (155648 bytes)
Module   \SystemRoot\system32\drivers\storqosflt.sys                                                                                                                                                                                                  fffff800c0600000-fffff800c0619000 (102400 bytes)
Module   \SystemRoot\system32\drivers\lltdio.sys                                                                                                                                                                                                      fffff800c0620000-fffff800c0636000 (90112 bytes)
Module   \SystemRoot\system32\drivers\mslldp.sys                                                                                                                                                                                                      fffff800c0640000-fffff800c065a000 (106496 bytes)
Module   \SystemRoot\system32\drivers\rspndr.sys                                                                                                                                                                                                      fffff800c0660000-fffff800c067a000 (106496 bytes)
Module   \SystemRoot\System32\DRIVERS\wanarp.sys                                                                                                                                                                                                      fffff800c0680000-fffff800c069b000 (110592 bytes)
Module   \SystemRoot\system32\drivers\HTTP.sys                                                                                                                                                                                                        fffff800c06a0000-fffff800c07b1000 (1118208 bytes)
Module   \SystemRoot\system32\DRIVERS\bowser.sys                                                                                                                                                                                                      fffff800c0020000-fffff800c0043000 (143360 bytes)
Module   \SystemRoot\system32\DRIVERS\mrxsmb.sys                                                                                                                                                                                                      fffff800c0050000-fffff800c00c2000 (466944 bytes)
Module   \SystemRoot\system32\DRIVERS\mrxsmb20.sys                                                                                                                                                                                                    fffff800c00d0000-fffff800c010a000 (237568 bytes)
Module   \SystemRoot\System32\drivers\mpsdrv.sys                                                                                                                                                                                                      fffff800c0110000-fffff800c0129000 (102400 bytes)
Module   \SystemRoot\System32\DRIVERS\srvnet.sys                                                                                                                                                                                                      fffff800c0130000-fffff800c0171000 (266240 bytes)
Module   \SystemRoot\System32\DRIVERS\srv2.sys                                                                                                                                                                                                        fffff800c0180000-fffff800c022f000 (716800 bytes)
Module   \SystemRoot\system32\drivers\mmcss.sys                                                                                                                                                                                                       fffff800c0230000-fffff800c0244000 (81920 bytes)
Module   \SystemRoot\system32\DRIVERS\mrxsmb10.sys                                                                                                                                                                                                    fffff800c0250000-fffff800c029e000 (319488 bytes)
Module   \SystemRoot\system32\drivers\Ndu.sys                                                                                                                                                                                                         fffff800c02a0000-fffff800c02c6000 (155648 bytes)
Module   \SystemRoot\system32\drivers\peauth.sys                                                                                                                                                                                                      fffff800c02d0000-fffff800c0390000 (786432 bytes)
Module   \SystemRoot\System32\DRIVERS\srv.sys                                                                                                                                                                                                         fffff800c0390000-fffff800c041c000 (573440 bytes)
Module   \SystemRoot\System32\drivers\tcpipreg.sys                                                                                                                                                                                                    fffff800c0420000-fffff800c0434000 (81920 bytes)
Module   \SystemRoot\System32\drivers\condrv.sys                                                                                                                                                                                                      fffff800c0440000-fffff800c0451000 (69632 bytes)
Module   \SystemRoot\System32\drivers\tunnel.sys                                                                                                                                                                                                      fffff800c0460000-fffff800c048f000 (192512 bytes)
Module   \SystemRoot\system32\DRIVERS\gwdrv.sys                                                                                                                                                                                                       fffff800c0490000-fffff800c049d000 (53248 bytes)
Module   \SystemRoot\system32\drivers\NISx64\1605040.018\SRTSP64.SYS                                                                                                                                                                                  fffff800bf400000-fffff800bf4e5000 (937984 bytes)
Module   \SystemRoot\System32\drivers\SMR501.SYS                                                                                                                                                                                                      fffff800c04d0000-fffff800c04ef000 (126976 bytes)
Module   \??\C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.5.4.24\Definitions\VirusDefs\20160304.020\EX64.SYS                                                                                                                 fffff800bf4f0000-fffff800bf6ff000 (2158592 bytes)
Module   \??\C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.5.4.24\Definitions\VirusDefs\20160304.020\ENG64.SYS                                                                                                                fffff800c04a0000-fffff800c04c3000 (143360 bytes)
Module   \??\C:\Users\DENNIS~1\AppData\Local\Temp\afadyaow.sys (GMER)                                                                                                                                                                                 fffff800c04f0000-fffff800c0500000 (65536 bytes)

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [572:604]                                                                                                                                                                                                      fffff960e6d24060
Thread   C:\Windows\ImmersiveControlPanel\SystemSettings.exe [4564:4248]                                                                                                                                                                              00007fff72100880
Thread   C:\Windows\ImmersiveControlPanel\SystemSettings.exe [4564:4504]                                                                                                                                                                              00007fff662dfc00
---- Processes - GMER 2.1 ----

Process  C:\Windows\System32\smss.exe (*** suspicious ***) @ \SystemRoot\System32\smss.exe [332]                                                                                                                                                      00007ff6b3040000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ \SystemRoot\System32\smss.exe [332]                                                                                                                                                     00007fff77df0000
Process  C:\Windows\system32\csrss.exe (*** suspicious ***) @ C:\Windows\system32\csrss.exe [480]                                                                                                                                                     00007ff7a9bf0000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [480]                                                                                                                                                     00007fff77df0000
Library  C:\Windows\system32\CSRSRV.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [480]                                                                                                                                                    00007fff743f0000
Library  C:\Windows\system32\basesrv.DLL (*** suspicious ***) @ C:\Windows\system32\csrss.exe [480]                                                                                                                                                   00007fff743d0000
Library  C:\Windows\system32\winsrv.DLL (*** suspicious ***) @ C:\Windows\system32\csrss.exe [480]                                                                                                                                                    00007fff74390000
Library  C:\Windows\system32\USER32.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [480]                                                                                                                                                    00007fff779f0000
Library  C:\Windows\system32\kernelbase.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [480]                                                                                                                                                00007fff747d0000
Library  C:\Windows\system32\kernel32.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [480]                                                                                                                                                  00007fff77520000
Library  C:\Windows\system32\GDI32.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [480]                                                                                                                                                     00007fff775d0000
Library  C:\Windows\system32\sxssrv.DLL (*** suspicious ***) @ C:\Windows\system32\csrss.exe [480]                                                                                                                                                    00007fff74380000
Library  C:\Windows\system32\sxs.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [480]                                                                                                                                                       00007fff742a0000
Library  C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [480]                                                                                                                                                    00007fff76e70000
Library  C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [480]                                                                                                                                          00007fff750c0000
Process  C:\Windows\system32\csrss.exe (*** suspicious ***) @ C:\Windows\system32\csrss.exe [572]                                                                                                                                                     00007ff7a9bf0000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [572]                                                                                                                                                     00007fff77df0000
Library  C:\Windows\system32\CSRSRV.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [572]                                                                                                                                                    00007fff743f0000
Library  C:\Windows\system32\basesrv.DLL (*** suspicious ***) @ C:\Windows\system32\csrss.exe [572]                                                                                                                                                   00007fff743d0000
Library  C:\Windows\system32\winsrv.DLL (*** suspicious ***) @ C:\Windows\system32\csrss.exe [572]                                                                                                                                                    00007fff74390000
Library  C:\Windows\system32\USER32.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [572]                                                                                                                                                    00007fff779f0000
Library  C:\Windows\system32\kernelbase.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [572]                                                                                                                                                00007fff747d0000
Library  C:\Windows\system32\kernel32.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [572]                                                                                                                                                  00007fff77520000
Library  C:\Windows\system32\GDI32.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [572]                                                                                                                                                     00007fff775d0000
Library  C:\Windows\system32\sxssrv.DLL (*** suspicious ***) @ C:\Windows\system32\csrss.exe [572]                                                                                                                                                    00007fff74380000
Library  C:\Windows\system32\sxs.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [572]                                                                                                                                                       00007fff742a0000
Library  C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [572]                                                                                                                                                    00007fff76e70000
Library  C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [572]                                                                                                                                          00007fff750c0000
Process  C:\Windows\system32\wininit.exe (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                                 00007ff74e450000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                                   00007fff77df0000
Library  C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                                00007fff77520000
Library  C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                              00007fff747d0000
Library  C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                                  00007fff769a0000
Library  C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                                  00007fff76e70000
Library  C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                                 00007fff77270000
Library  C:\Windows\system32\profapi.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                                 00007fff74420000
Library  C:\Windows\SYSTEM32\wininitext.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                              00007fff74340000
Library  C:\Windows\system32\USER32.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                                  00007fff779f0000
Library  C:\Windows\system32\GDI32.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                                   00007fff775d0000
Library  C:\Windows\system32\WS2_32.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                                  00007fff77830000
Library  C:\Windows\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                                 00007fff73ce0000
Library  C:\Windows\system32\sspicli.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [592]                                                                                                                                                 00007fff74090000
Process  C:\Windows\system32\winlogon.exe (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                               00007ff6429e0000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                  00007fff77df0000
Library  C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                               00007fff77520000
Library  C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                             00007fff747d0000
Library  C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                 00007fff769a0000
Library  C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                00007fff77270000
Library  C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                 00007fff76e70000
Library  C:\Windows\system32\powrprof.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                               00007fff74450000
Library  C:\Windows\system32\bcrypt.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                 00007fff74350000
Library  C:\Windows\system32\advapi32.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                               00007fff772d0000
Library  C:\Windows\system32\profapi.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                00007fff74420000
Library  C:\Windows\system32\user32.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                 00007fff779f0000
Library  C:\Windows\system32\GDI32.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                  00007fff775d0000
Library  C:\Windows\system32\IMM32.DLL (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                  00007fff774e0000
Library  C:\Windows\SYSTEM32\winsta.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                 00007fff74240000
Library  C:\Windows\system32\UXINIT.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                 00007fff72ce0000
Library  C:\Windows\system32\shcore.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                 00007fff75130000
Library  C:\Windows\system32\combase.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                00007fff77b50000
Library  C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                       00007fff750c0000
Library  C:\Windows\system32\UxTheme.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                00007fff72c40000
Library  C:\Windows\system32\CRYPT32.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                00007fff745b0000
Library  C:\Windows\system32\MSASN1.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                 00007fff74410000
Library  C:\Windows\system32\DPAPI.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                  00007fff73a60000
Library  C:\Windows\system32\CRYPTBASE.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                              00007fff73eb0000
Library  C:\Windows\SYSTEM32\dwminit.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                00007fff72ad0000
Library  C:\Windows\system32\SspiCli.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                00007fff74090000
Library  C:\Windows\system32\apphelp.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                00007fff729d0000
Library  C:\Windows\SYSTEM32\usermgrcli.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                             00007fff721e0000
Library  C:\Windows\SYSTEM32\ntmarta.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                00007fff73900000
Library  C:\Windows\system32\MPR.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                    00007fff65670000
Library  C:\Windows\SYSTEM32\wtsapi32.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                               00007fff713a0000
Library  C:\Windows\system32\USERENV.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                00007fff73b70000
Library  C:\Windows\SYSTEM32\profext.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                00007fff639d0000
Library  C:\Windows\system32\firewallapi.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                            00007fff749e0000
Library  C:\Windows\system32\fwbase.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [628]                                                                                                                                                 00007fff72f60000
Process  C:\Windows\system32\services.exe (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                               00007ff6c1f80000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                  00007fff77df0000
Library  C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                               00007fff77520000
Library  C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                             00007fff747d0000
Library  C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                 00007fff76e70000
Library  C:\Windows\system32\EventAggregation.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                       00007fff74220000
Library  C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                 00007fff769a0000
Library  C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                00007fff77270000
Library  C:\Windows\SYSTEM32\scesrv.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                 00007fff73750000
Library  C:\Windows\system32\sspicli.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                00007fff74090000
Library  C:\Windows\system32\advapi32.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                               00007fff772d0000
Library  C:\Windows\SYSTEM32\ntmarta.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                00007fff73900000
Library  C:\Windows\SYSTEM32\efswrt.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                 00007fff73660000
Library  C:\Windows\system32\SHCORE.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                 00007fff75130000
Library  C:\Windows\system32\combase.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                00007fff77b50000
Library  C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                       00007fff750c0000
Library  C:\Windows\system32\kernel.appcore.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                         00007fff74440000
Library  C:\Windows\system32\OLEAUT32.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                               00007fff771a0000
Library  C:\Windows\SYSTEM32\wintypes.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                               00007fff73520000
Library  C:\Windows\SYSTEM32\edputil.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                00007fff734d0000
Library  C:\Windows\system32\shlwapi.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                00007fff77140000
Library  C:\Windows\system32\GDI32.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                  00007fff775d0000
Library  C:\Windows\system32\USER32.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                 00007fff779f0000
Library  C:\Windows\system32\AUTHZ.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                  00007fff73480000
Library  C:\Windows\system32\profapi.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                00007fff74420000
Library  C:\Windows\system32\DABAPI.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                 00007fff72a50000
Library  C:\Windows\system32\apphelp.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                00007fff729d0000
Library  C:\Windows\system32\srvcli.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                 00007fff66a60000
Library  C:\Windows\system32\WS2_32.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                 00007fff77830000
Library  C:\Windows\SYSTEM32\spinf.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                  00007fff66690000
Library  C:\Windows\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                                00007fff73ce0000
Library  C:\Windows\SYSTEM32\usermgrcli.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [700]                                                                                                                                             00007fff721e0000
Process  C:\Windows\system32\lsass.exe (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                     00007ff655750000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                     00007fff77df0000
Library  C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff77520000
Library  C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                00007fff747d0000
Library  C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff76e70000
Library  C:\Windows\system32\lsasrv.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff740c0000
Library  C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff769a0000
Library  C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00007fff77270000
Library  C:\Windows\system32\MSASN1.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff74410000
Library  C:\Windows\system32\SspiCli.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00007fff74090000
Library  C:\Windows\SYSTEM32\samsrv.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff73fb0000
Library  C:\Windows\system32\CRYPT32.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00007fff745b0000
Library  C:\Windows\system32\bcrypt.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff74350000
Library  C:\Windows\system32\ncrypt.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff73f80000
Library  C:\Windows\system32\NTASN1.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff73f40000
Library  C:\Windows\system32\bcryptprimitives.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                          00007fff750c0000
Library  C:\Windows\system32\msprivs.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00000206718e0000
Library  C:\Windows\SYSTEM32\netprovfw.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                 00007fff73f20000
Library  C:\Windows\system32\JOINUTIL.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff73ef0000
Library  C:\Windows\system32\negoexts.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff73ec0000
Library  C:\Windows\system32\CRYPTBASE.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                 00007fff73eb0000
Library  C:\Windows\system32\kerberos.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff73db0000
Library  C:\Windows\system32\CRYPTSP.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00007fff73d90000
Library  C:\Windows\system32\KerbClientShared.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                          00007fff73d60000
Library  C:\Windows\system32\WS2_32.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff77830000
Library  C:\Windows\system32\cryptdll.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]
         
TEIL 4

Code:
ATTFilter
00007fff73d40000
Library  C:\Windows\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00007fff73ce0000
Library  C:\Windows\system32\msv1_0.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff73c80000
Library  C:\Windows\system32\NtlmShared.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                00007fff73c70000
Library  C:\Windows\system32\netlogon.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff73b90000
Library  C:\Windows\system32\powrprof.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff74450000
Library  C:\Windows\system32\advapi32.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff772d0000
Library  C:\Windows\system32\USERENV.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00007fff73b70000
Library  C:\Windows\system32\profapi.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00007fff74420000
Library  C:\Windows\system32\tspkg.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                     00007fff73b50000
Library  C:\Windows\system32\pku2u.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                     00007fff73b00000
Library  C:\Windows\system32\cloudAP.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00007fff73ac0000
Library  C:\Windows\SYSTEM32\MicrosoftAccountCloudAP.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                   00007fff73a70000
Library  C:\Windows\system32\combase.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00007fff77b50000
Library  C:\Windows\SYSTEM32\DPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                     00007fff73a60000
Library  C:\Windows\system32\rsaenh.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff73a20000
Library  C:\Windows\system32\wdigest.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00007fff739e0000
Library  C:\Windows\system32\schannel.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff73960000
Library  C:\Windows\system32\PCPKsp.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff73940000
Library  C:\Windows\SYSTEM32\ntmarta.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00007fff73900000
Library  C:\Windows\system32\PCPTPM12.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff73870000
Library  C:\Windows\system32\tbs.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                       00007fff73860000
Library  C:\Windows\system32\efslsaext.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                 00007fff73830000
Library  C:\Windows\system32\OLEAUT32.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff771a0000
Library  C:\Windows\system32\netutils.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff73820000
Library  C:\Windows\system32\dpapisrv.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff737e0000
Library  C:\Windows\system32\SspiSrv.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00007fff737d0000
Library  C:\Windows\system32\scecli.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff73700000
Library  C:\Windows\SYSTEM32\winsta.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff74240000
Library  C:\Windows\system32\DNSAPI.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff72b60000
Library  C:\Windows\system32\NSI.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                       00007fff77de0000
Library  C:\Windows\SYSTEM32\wevtapi.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                   00007fff71550000
Library  C:\Windows\system32\keyiso.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff66390000
Library  C:\Windows\system32\NCRYPTPROV.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                00007fff65aa0000
Library  C:\Windows\system32\IPHLPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff6f7a0000
Library  C:\Windows\system32\cfgmgr32.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff74780000
Library  C:\Windows\SYSTEM32\fveapi.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff68f50000
Library  C:\Windows\system32\ncryptsslp.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                00007fff628a0000
Library  C:\Windows\system32\dssenh.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff61640000
Library  C:\Windows\SYSTEM32\gpapi.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                     00007fff731e0000
Library  C:\Windows\SYSTEM32\mskeyprotect.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                              00007fff61620000
Library  C:\Windows\System32\SecureTimeAggregator.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                      00007fff615f0000
Library  C:\Windows\system32\DSROLE.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                    00007fff72230000
Library  C:\Windows\System32\cryptnet.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff670b0000
Library  C:\Windows\System32\vaultsvc.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [712]                                                                                                                                                  00007fff61920000
Process  C:\Windows\system32\svchost.exe (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                 00007ff7756f0000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                   00007fff77df0000
Library  C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                00007fff77520000
Library  C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                              00007fff747d0000
Library  C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                 00007fff77270000
Library  C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                  00007fff76e70000
Library  C:\Windows\SYSTEM32\ucrtbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                00007fff73380000
Library  c:\windows\system32\umpnpmgr.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                00007fff73360000
Library  C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                  00007fff769a0000
Library  c:\windows\system32\umpo.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                    00007fff73330000
Library  C:\Windows\SYSTEM32\umpoext.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                 00007fff73310000
Library  C:\Windows\system32\cfgmgr32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                00007fff74780000
Library  C:\Windows\system32\powrprof.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                00007fff74450000
Library  C:\Windows\system32\combase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                 00007fff77b50000
Library  C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                        00007fff750c0000
Library  C:\Windows\SYSTEM32\tdh.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                     00007fff73210000
Library  C:\Windows\SYSTEM32\gpapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                   00007fff731e0000
Library  C:\Windows\SYSTEM32\HID.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                     00007fff731d0000
Library  c:\windows\system32\rpcss.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                   00007fff730e0000
Library  c:\windows\system32\SspiCli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                 00007fff74090000
Library  c:\windows\system32\bisrv.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                   00007fff73000000
Library  C:\Windows\system32\OLEAUT32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                00007fff771a0000
Library  c:\windows\system32\EventAggregation.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                        00007fff74220000
Library  c:\windows\system32\psmsrv.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                  00007fff72fd0000
Library  c:\windows\system32\RMCLIENT.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                00007fff72fa0000
Library  C:\Windows\system32\kernel.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                          00007fff74440000
Library  C:\Windows\SYSTEM32\ntmarta.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                 00007fff73900000
Library  C:\Windows\system32\advapi32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                00007fff772d0000
Library  c:\windows\system32\lsm.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                     00007fff72ea0000
Library  c:\windows\system32\SYSNTFY.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                 00007fff72e90000
Library  C:\Windows\SYSTEM32\psmserviceexthost.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                       00007fff72e00000
Library  C:\Windows\SYSTEM32\twinapi.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                         00007fff72d00000
Library  c:\windows\system32\bcrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                  00007fff74350000
Library  C:\Windows\System32\Userenv.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                 00007fff73b70000
Library  C:\Windows\system32\profapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                 00007fff74420000
Library  c:\windows\system32\DEVOBJ.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                  00007fff72c10000
Library  c:\windows\system32\systemeventsbrokerserver.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                00007fff72af0000
Library  c:\windows\system32\BrokerLib.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                               00007fff72a90000
Library  c:\windows\system32\DAB.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                     00007fff72a60000
Library  C:\Windows\SYSTEM32\usermgrcli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                              00007fff721e0000
Library  C:\Windows\system32\clbcatq.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                 00007fff768f0000
Library  C:\Windows\SYSTEM32\bi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                      00007fff71c80000
Library  C:\Windows\SYSTEM32\wtsapi32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]
         

Alt 09.03.2016, 11:51   #12
dennissteins
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



TEIL 5

Code:
ATTFilter
00007fff713a0000
Library  C:\Windows\SYSTEM32\WINSTA.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                  00007fff74240000
Library  C:\Windows\system32\CRYPTBASE.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                               00007fff73eb0000
Library  C:\Windows\system32\user32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                  00007fff779f0000
Library  C:\Windows\system32\GDI32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                   00007fff775d0000
Library  C:\Windows\System32\ActXPrxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                00007fff70eb0000
Library  C:\Windows\System32\BackgroundMediaPolicy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                   00007fff648f0000
Library  C:\Windows\System32\ACPBackgroundManagerPolicy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                              00007fff64070000
Library  C:\Windows\system32\CbtBackgroundManagerPolicy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                              00007fff64060000
Library  C:\Windows\System32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                           00007fff64040000
Library  C:\Windows\system32\SebBackgroundManagerPolicy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                              00007fff64030000
Library  C:\Windows\system32\ole32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                   00007fff778a0000
Library  C:\Windows\system32\coml2.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                   00007fff77760000
Library  C:\Windows\system32\execmodelproxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                          00007fff64000000
Library  C:\Windows\System32\Windows.StateRepository.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                 00007fff68330000
Library  C:\Windows\System32\StateRepository.Core.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                    00007fff68230000
Library  C:\Windows\system32\windows.storage.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                         00007fff74a70000
Library  C:\Windows\system32\shlwapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                 00007fff77140000
Library  C:\Windows\system32\shcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                  00007fff75130000
Library  C:\Windows\System32\execmodelclient.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                         00007fff63df0000
Library  C:\Windows\System32\CoreMessaging.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                           00007fff72510000
Library  C:\Windows\SYSTEM32\licensemanagerapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                       00007fff5e7c0000
Library  c:\windows\system32\msvcp110_win.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                            00007fff71600000
Library  C:\Windows\SYSTEM32\capauthz.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                00007fff5e790000
Library  C:\Windows\system32\apphelp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [792]                                                                                                                                                 00007fff729d0000
Process  C:\Windows\system32\svchost.exe (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                 00007ff7756f0000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]    




                                                                                                                                               00007fff77df0000
Library  C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                00007fff77520000
Library  C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                              00007fff747d0000
Library  C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                 00007fff77270000
Library  C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                  00007fff76e70000
Library  C:\Windows\SYSTEM32\ucrtbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                00007fff73380000
Library  c:\windows\system32\rpcepmap.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                00007fff730c0000
Library  C:\Windows\system32\sspicli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                 00007fff74090000
Library  C:\Windows\system32\RpcRtRemote.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                             00007fff730a0000
Library  c:\windows\system32\rpcss.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                   00007fff730e0000
Library  C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                  00007fff769a0000
Library  C:\Windows\system32\combase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                 00007fff77b50000
Library  C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                        00007fff750c0000
Library  C:\Windows\system32\WS2_32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                  00007fff77830000
Library  C:\Windows\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                 00007fff73ce0000
Library  C:\Windows\system32\powrprof.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                00007fff74450000
Library  C:\Windows\system32\FirewallAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                             00007fff749e0000
Library  C:\Windows\system32\fwbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                  00007fff72f60000
Library  C:\Windows\system32\kernel.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                          00007fff74440000
Library  C:\Windows\system32\clbcatq.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                 00007fff768f0000
Library  C:\Windows\system32\fwpuclnt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                00007fff6ba70000
Library  C:\Windows\system32\bcrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                  00007fff74350000
Library  C:\Windows\SYSTEM32\wtsapi32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                00007fff713a0000
Library  C:\Windows\SYSTEM32\WINSTA.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                  00007fff74240000
Library  C:\Windows\system32\advapi32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                00007fff772d0000
Library  C:\Windows\SYSTEM32\capauthz.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                                00007fff5e790000
Library  C:\Windows\SYSTEM32\usermgrcli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [856]                                                                                                                                              00007fff721e0000
Process  C:\Windows\system32\dwm.exe (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                         00007ff666ac0000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                       00007fff77df0000
Library  C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                    00007fff77520000
Library  C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                  00007fff747d0000
Library  C:\Windows\system32\apphelp.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                     00007fff729d0000
Library  C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                      00007fff769a0000
Library  C:\Windows\system32\advapi32.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                    00007fff772d0000
Library  C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                     00007fff77270000
Library  C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                      00007fff76e70000
Library  C:\Windows\system32\gdi32.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                       00007fff775d0000
Library  C:\Windows\system32\USER32.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                      00007fff779f0000
Library  C:\Windows\SYSTEM32\dwmredir.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                    00007fff729a0000
Library  C:\Windows\system32\dcomp.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                       00007fff725e0000
Library  C:\Windows\system32\dwmcore.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                     00007fff727b0000
Library  C:\Windows\system32\OLEAUT32.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                    00007fff771a0000
Library  C:\Windows\system32\combase.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                     00007fff77b50000
Library  C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\sys

tem32\dwm.exe [952]                                                                                                                                            00007fff750c0000
Library  C:\Windows\SYSTEM32\udwm.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                        00007fff726d0000
Library  C:\Windows\system32\CoreMessaging.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                               00007fff72510000
Library  C:\Windows\system32\IMM32.DLL (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                       00007fff774e0000
Library  C:\Windows\system32\uxtheme.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                     00007fff72c40000
Library  C:\Windows\SYSTEM32\dwmghost.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                    00007fff720d0000
Library  C:\Windows\system32\dwmapi.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                      00007fff72040000
Library  C:\Windows\system32\d3d11.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                       00007fff71940000
Library  C:\Windows\system32\dxgi.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                        00007fff71750000
Library  C:\Windows\system32\WindowsCodecs.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                               00007fff70ca0000
Library  C:\Windows\SYSTEM32\ism32k.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                      00007fff70c60000
Library  C:\Windows\system32\avrt.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                        00007fff70b00000
Library  C:\Windows\system32\kernel.appcore.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                              00007fff74440000
Library  C:\Windows\system32\clbcatq.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                     00007fff768f0000
Library  C:\Windows\System32\UIAnimation.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                 00007fff70ab0000
Library  C:\Windows\System32\Windows.Gaming.Input.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                        00007fff70a10000
Library  C:\Windows\system32\CFGMGR32.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                    00007fff74780000
Library  C:\Windows\system32\shcore.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                      00007fff75130000
Library  C:\Windows\system32\bcrypt.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                      00007fff74350000
Library  C:\Windows\system32\igd10iumd64.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                 00007fff6f7e0000
Library  C:\Windows\system32\ncrypt.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                      00007fff73f80000
Library  C:\Windows\system32\NTASN1.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                      00007fff73f40000
Library  C:\Windows\system32\igdusc64.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                    00007fff6e1e0000
Library  C:\Windows\system32\igd11dxva64.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                 00007fff69ba0000
Library  C:\Windows\system32\SETUPAPI.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                    00007fff76a40000
Library  C:\Windows\system32\ole32.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                       00007fff778a0000
Library  C:\Windows\system32\d2d1.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                        00007fff69010000
Library  C:\Windows\system32\XmlLite.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                     00007fff71900000
Library  C:\Windows\system32\Cabinet.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                     00007fff69b70000
Library  C:\Windows\system32\d3d10warp.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                   00007fff59770000
Library  C:\Windows\system32\MSCTF.dll (*** suspicious ***) @ C:\Windows\system32\dwm.exe [952]                                                                                                                                                       00007fff77380000
Process  C:\Windows\system32\svchost.exe (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007ff7756f0000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff77df0000
Library  C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff77520000
Library  C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                             00007fff747d0000
Library  C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff77270000
Library  C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff76e70000
Library  C:\Windows\SYSTEM32\ucrtbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff73380000
Library  C:\Windows\system32\combase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff77b50000
Library  C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff769a0000
Library  C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                       00007fff750c0000
Library  C:\Windows\system32\kernel.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                         00007fff74440000
Library  C:\Windows\system32\user32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff779f0000
Library  C:\Windows\system32\GDI32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe
         

Alt 09.03.2016, 11:51   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



Poste keine UNIX/Linux Logs mehr. Von Windows nur von dem einen betroffenen Windows-System.

Da bitte MBAR laufen lassen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.03.2016, 11:53   #14
dennissteins
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



TEIL 6

Code:
ATTFilter
Library  C:\Windows\system32\OLEAUT32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff771a0000
Library  c:\windows\system32\profsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff72070000
Library  c:\windows\system32\schedsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff71e50000
Library  c:\windows\system32\UBPM.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                   00007fff71c10000
Library  c:\windows\system32\EventAggregation.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                       00007fff74220000
Library  c:\windows\system32\AUTHZ.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff73480000
Library  C:\Windows\SYSTEM32\profsvcext.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                             00007fff71880000
Library  C:\Windows\system32\WLDAP32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff777d0000
Library  c:\windows\system32\netutils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff73820000
Library  C:\Windows\system32\SHELL32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff75390000
Library  c:\windows\system32\logoncli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff716a0000
Library  C:\Windows\system32\windows.storage.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                        00007fff74a70000
Library  C:\Windows\system32\advapi32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff772d0000
Library  C:\Windows\system32\shlwapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff77140000
Library  C:\Windows\system32\shcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff75130000
Library  C:\Windows\System32\SspiCli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff74090000
Library  c:\windows\system32\WMICLNT.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff70e90000
Library  c:\windows\system32\sens.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                   00007fff70e60000
Library  C:\Windows\SYSTEM32\gpapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff731e0000
Library  c:\windows\system32\usermgr.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff70b70000
Library  C:\Windows\SYSTEM32\wintypes.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff73520000
Library  c:\windows\system32\lfsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff70aa0000
Library  c:\windows\system32\msvcp110_win.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                           00007fff71600000
Library  c:\windows\system32\LocationFramework.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                      00007fff70890000
Library  c:\windows\system32\BrokerLib.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                              00007fff72a90000
Library  C:\Windows\system32\CRYPT32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff745b0000
Library  C:\Windows\system32\MSASN1.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff74410000
Library  C:\Windows\system32\WS2_32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff77830000
Library  c:\windows\system32\XmlLite.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff71900000
Library  c:\windows\system32\WINHTTP.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff70520000
Library  c:\windows\system32\wlanapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff6f730000
Library  c:\windows\system32\bcrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff74350000
Library  c:\windows\system32\themeservice.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                           00007fff6f3c0000
Library  C:\Windows\System32\usermgrproxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                           00007fff6f370000
Library  C:\Windows\SYSTEM32\winsta.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff74240000
Library  C:\Windows\system32\taskcomp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff6f0f0000
Library  C:\Windows\System32\LocationWinPalMisc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                     00007fff6ee60000
Library  C:\Windows\System32\DEVOBJ.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff72c10000
Library  C:\Windows\System32\npmproxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff6f260000
Library  c:\windows\system32\wkscli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                                      
00007fff6f410000
Library  C:\Windows\SYSTEM32\WPTaskScheduler.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                        00007fff6ee10000
Library  C:\Windows\SYSTEM32\CSystemEventsBrokerClient.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                              00007fff6f030000
Library  C:\Windows\SYSTEM32\netjoin.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff6f3e0000
Library  C:\Windows\SYSTEM32\JoinUtil.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff73ef0000
Library  C:\Windows\System32\PROPSYS.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff713c0000
Library  C:\Windows\System32\GnssAdapter.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                            00007fff6e060000
Library  C:\Windows\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff73ce0000
Library  c:\windows\system32\wbem\wmisvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                            00007fff6e020000
Library  C:\Windows\SYSTEM32\wbemcomn.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff6ebf0000
Library  c:\windows\system32\SAMLIB.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff71c60000
Library  c:\windows\system32\WTSAPI32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff713a0000
Library  C:\Windows\SYSTEM32\policymanager.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                          00007fff6dfb0000
Library  C:\Windows\SYSTEM32\VSSAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff6bf80000
Library  C:\Windows\SYSTEM32\VssTrace.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff6bae0000
Library  c:\windows\system32\DABAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff72a50000
Library  C:\Windows\system32\SETUPAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff76a40000
Library  C:\Windows\system32\WINTRUST.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff74550000
Library  C:\Windows\SYSTEM32\bi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                     00007fff71c80000
Library  C:\Windows\System32\Cabinet.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff69b70000
Library  C:\Windows\System32\wer.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                    00007fff6b920000
Library  C:\Windows\System32\DEVRTL.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff6b9c0000
Library  C:\Windows\SYSTEM32\samcli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff696d0000
Library  c:\windows\system32\shsvcs.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff69560000
Library  C:\Windows\SYSTEM32\wevtapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff71550000
Library  c:\windows\system32\FVEAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff68f50000
Library  C:\Windows\system32\wbem\wbemcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                          00007fff68a90000
Library  C:\Windows\system32\wbem\FastProx.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                          00007fff68950000
Library  C:\Windows\system32\wbem\esscli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                            00007fff688d0000
Library  C:\Windows\SYSTEM32\ondemandconnroutehelper.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                00007fff68310000
Library  C:\Windows\SYSTEM32\IPHLPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff6f7a0000
Library  c:\windows\system32\srvsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff680d0000
Library  C:\Windows\system32\NSI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                    00007fff77de0000
Library  c:\windows\system32\WINNSI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff70880000
Library  C:\Windows\System32\ProximityService.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                       00007fff68050000
Library  c:\windows\system32\ikeext.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff67c40000
Library  c:\windows\system32\fwpuclnt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff6ba70000
Library  C:\Windows\system32\wbem\wbemsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                           00007fff67bd0000
Library  c:\windows\system32\iphlpsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff67660000
Library  C:\Windows\system32\FirewallAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                            00007fff749e0000
Library  c:\windows\system32\rtutils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff67630000
Library  C:\Windows\system32\fwbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff72f60000
Library  C:\Windows\system32\ProximityCommon.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                        00007fff68010000
Library  C:\Windows\system32\ProximityCommonPal.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                     00007fff67f40000
Library  C:\Windows\system32\ProximityServicePAL.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                    00007fff67c30000
Library  C:\Windows\SYSTEM32\dhcpcsvc6.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                              00007fff6f430000
Library  C:\Windows\system32\wbem\wmiutils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                          00007fff67ba0000
Library  C:\Windows\system32\sqmapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff67b20000
Library  C:\Windows\SYSTEM32\dhcpcsvc.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff6f640000
Library  C:\Windows\system32\SSCORE.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff67b00000
Library  C:\Windows\SYSTEM32\sscoreext.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                              00007fff67b90000
Library  C:\Windows\system32\httpprxm.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff67290000
Library  C:\Windows\system32\adhsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff67ae0000
Library  C:\Windows\system32\wbem\repdrvfs.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                          00007fff67200000
Library  C:\Windows\system32\mi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                     00007fff671e0000
Library  C:\Windows\system32\miutils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff67180000
Library  c:\windows\system32\CRYPTSP.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff73d90000
Library  C:\Windows\SYSTEM32\httpprxc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff688c0000
Library  C:\Windows\system32\wmidcom.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff67150000
Library  C:\Windows\system32\DPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff73a60000
Library  C:\Windows\system32\rsaenh.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff73a20000
Library  C:\Windows\system32\CRYPTBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                              00007fff73eb0000
Library  C:\Windows\system32\RESUTILS.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff67050000
Library  C:\Windows\system32\CLUSAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff66f10000
Library  C:\Windows\system32\ncrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]
         
TEIL 7

Code:
ATTFilter
0007fff73f80000
Library  C:\Windows\system32\NTASN1.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff73f40000
Library  C:\Windows\system32\DNSAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff72b60000
Library  C:\Windows\system32\ACTIVEDS.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff66ec0000
Library  C:\Windows\system32\adsldpc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff66c20000
Library  C:\Windows\System32\rasadhlp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff68890000
Library  C:\Windows\system32\ole32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff778a0000
Library  C:\Windows\system32\ATL.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                    00007fff666b0000
Library  C:\Windows\SYSTEM32\sxs.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                    00007fff742a0000
Library  c:\windows\system32\WDSCORE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff66620000
Library  C:\Windows\system32\NETAPI32.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff749c0000
Library  C:\Windows\SYSTEM32\SECUR32.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff66380000
Library  C:\Windows\system32\cscapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff66360000
Library  C:\Windows\system32\FWPolicyIOMgr.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                          00007fff68a50000
Library  c:\windows\system32\HID.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                    00007fff731d0000
Library  C:\Windows\system32\wbem\wmiprvsd.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                          00007fff659c0000
Library  C:\Windows\SYSTEM32\NCObjAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff66130000
Library  C:\Windows\system32\wbem\wbemess.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                           00007fff65930000
Library  C:\Windows\system32\wbem\ncprov.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                            00007fff658f0000
Library  C:\Windows\System32\wbem\krnlprov.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                          00007fff670f0000
Library  C:\Windows\System32\shacct.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff72000000
Library  C:\Windows\system32\CredentialMigrationHandler.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                             00007fff67100000
Library  C:\Windows\System32\iertutil.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff6bbf0000
Library  C:\Windows\SYSTEM32\mrmcorer.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff6f470000
Library  C:\Windows\SYSTEM32\usermgrcli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                             00007fff721e0000
Library  C:\Windows\SYSTEM32\Bcp47Langs.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                             00007fff716e0000
Library  c:\windows\system32\appinfo.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff631e0000
Library  c:\windows\system32\apphelp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff729d0000
Library  c:\windows\system32\wuaueng.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff61ed0000
Library  c:\windows\system32\ESENT.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff672c0000
Library  c:\windows\system32\UpdatePolicy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                           00007fff652f0000
Library  C:\Windows\SYSTEM32\wuuhext.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff61e60000
Library  C:\Windows\SYSTEM32\WINSPOOL.DRV (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff6b890000
Library  C:\Windows\SYSTEM32\msi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                    00007fff61a90000
Library  C:\Windows\SYSTEM32\newdev.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff61dd0000
Library  C:\Windows\SYSTEM32\UxTheme.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff72c40000
Library  C:\Windows\system32\hnetcfg.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff64430000
Library  C:\Windows\system32\NetSetupApi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                            00007fff65910000
Library  C:\Windows\system32\TetheringClient.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                        00007fff62c40000
Library  C:\Windows\System32\NetSetupShim.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                           00007fff62590000
Library  c:\windows\system32\NCI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                    00007fff652e0000
Library  C:\Windows\System32\winrnr.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff64020000
Library  C:\Windows\system32\pnrpnsp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff61780000
Library  C:\Windows\system32\napinsp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff61760000
Library  C:\Windows\system32\SPINF.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff66690000
Library  C:\Windows\system32\drvstore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff5a1f0000
Library  c:\windows\system32\dosvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff61350000
Library  c:\windows\system32\msvcp_win.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                              00007fff669c0000
Library  C:\Windows\System32\wuapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff62110000
Library  C:\Windows\system32\upnp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                   00007fff617c0000
Library  C:\Windows\system32\SSDPAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff6f450000
Library  c:\windows\system32\SLC.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                    00007fff72270000
Library  c:\windows\system32\sppc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                   00007fff720f0000
Library  C:\Windows\system32\DMCmnUtils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                             00007fff62550000
Library  C:\Windows\System32\MbaeApiPublic.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                          00007fff60f50000
Library  C:\Windows\SYSTEM32\wwapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff61130000
Library  c:\windows\system32\webservices.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                            00007fff62fd0000
Library  C:\Windows\system32\dssenh.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff61640000
Library  c:\windows\system32\webio.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff64b20000
Library  C:\Windows\system32\schannel.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff73960000
Library  c:\windows\system32\VERSION.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff67760000
Library  C:\Windows\System32\BitsProxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                              00007fff60450000
Library  C:\Windows\SYSTEM32\mskeyprotect.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                           00007fff61620000
Library  C:\Windows\system32\cryptnet.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                               00007fff670b0000
Library  C:\Windows\system32\ncryptsslp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                             00007fff628a0000
Library  c:\windows\system32\usocore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff59b00000
Library  C:\Windows\System32\updatehandlers.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                         00007fff59ab0000
Library  C:\Windows\SYSTEM32\efswrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff73660000
Library  C:\Windows\SYSTEM32\edputil.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                00007fff734d0000
Library  c:\windows\system32\bdesvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                 00007fff5b120000
Library  c:\windows\system32\bcd.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                    00007fff656e0000
Library  c:\windows\system32\dsreg.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff5ea40000
Library  C:\Windows\system32\coml2.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                  00007fff77760000
Library  C:\Windows\system32\wbem\wbemprox.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                          00007fff6edb0000
Library  C:\Windows\system32\es.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]                                                                                                                                                     00007fff71f80000
Library  C:\Windows\System32\netshell.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004]    
00007fff5aa00000
Process  C:\Windows\system32\svchost.exe (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007ff7756f0000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                  00007fff77df0000
Library  C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff77520000
Library  C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                             00007fff747d0000
Library  C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff77270000
Library  C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff76e70000
Library  C:\Windows\SYSTEM32\ucrtbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff73380000
Library  C:\Windows\system32\combase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff77b50000
Library  C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff769a0000
Library  C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                       00007fff750c0000
Library  C:\Windows\system32\kernel.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                         00007fff74440000
Library  C:\Windows\system32\user32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff779f0000
Library  C:\Windows\system32\GDI32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                  00007fff775d0000
Library  c:\windows\system32\hidserv.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff725d0000
Library  c:\windows\system32\HID.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                    00007fff731d0000
Library  C:\Windows\system32\cfgmgr32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff74780000
Library  C:\Windows\SYSTEM32\winsta.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff74240000
Library  C:\Windows\system32\SETUPAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff76a40000
Library  C:\Windows\system32\DEVOBJ.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff72c10000
Library  C:\Windows\system32\WINTRUST.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff74550000
Library  C:\Windows\system32\MSASN1.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff74410000
Library  C:\Windows\system32\CRYPT32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff745b0000
Library  c:\windows\system32\audioendpointbuilder.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                   00007fff6f160000
Library  c:\windows\system32\bcrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff74350000
Library  c:\windows\system32\MMDevAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff6f080000
Library  c:\windows\system32\PROPSYS.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff713c0000
Library  C:\Windows\system32\OLEAUT32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff771a0000
Library  C:\Windows\system32\clbcatq.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff768f0000
Library  C:\Windows\system32\powrprof.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff74450000
Library  C:\Windows\SYSTEM32\wtsapi32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff713a0000
Library  c:\windows\system32\pcasvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff68800000
Library  C:\Windows\system32\advapi32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff772d0000
Library  c:\windows\system32\apphelp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff729d0000
Library  c:\windows\system32\USERENV.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff73b70000
Library  C:\Windows\system32\profapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff74420000
Library  c:\windows\system32\trkwks.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff687a0000
Library  c:\windows\system32\sysmain.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff68120000
Library  C:\Windows\SYSTEM32\ntmarta.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff73900000
Library  C:\Windows\system32\sspicli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff74090000
Library  C:\Windows\system32\WS2_32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff77830000
Library  C:\Windows\System32\taskschd.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff72120000
Library  C:\Windows\System32\XmlLite.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff71900000
Library  c:\windows\system32\wdi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                    00007fff680b0000
Library  C:\Windows\system32\radardt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff67130000
Library  C:\Windows\system32\bi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                     00007fff71c80000
Library  C:\Windows\system32\SystemEventsBrokerClient.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                               00007fff663f0000
Library  C:\Windows\system32\ole32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                  00007fff778a0000
Library  C:\Windows\system32\coml2.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                  00007fff77760000
Library  c:\windows\system32\ncbservice.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                             00007fff5e9e0000
Library  C:\Windows\system32\NSI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                    00007fff77de0000
Library  c:\windows\system32\IPHLPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff6f7a0000
Library  c:\windows\system32\BrokerLib.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                              00007fff72a90000
Library  C:\Windows\System32\execmodelclient.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                        00007fff63df0000
Library  C:\Windows\System32\CoreMessaging.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                          00007fff72510000
Library  C:\Windows\SYSTEM32\httpprxc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff688c0000
Library  C:\Windows\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff73ce0000
Library  C:\Windows\System32\netprofm.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff721f0000
Library  C:\Windows\System32\npmproxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff6f260000
Library  C:\Windows\System32\ActXPrxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff70eb0000
Library  C:\Windows\system32\pcadm.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                  00007fff70620000
Library  C:\Windows\system32\pcacli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff70610000
Library  C:\Windows\system32\MPR.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                    00007fff65670000
Library  c:\windows\system32\das.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                    00007fff614a0000
Library  c:\windows\system32\CRYPTSP.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff73d90000
Library  C:\Windows\system32\rsaenh.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff73a20000
Library  C:\Windows\system32\CRYPTBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                              00007fff73eb0000
Library  C:\Windows\SYSTEM32\efswrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff73660000
Library  C:\Windows\system32\SHCORE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                 00007fff75130000
Library  C:\Windows\SYSTEM32\wintypes.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]
         
TEIL 8

Code:
ATTFilter
                                                                             0                                                                                            00007fff73520000
Library  C:\Windows\SYSTEM32\edputil.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff734d0000
Library  C:\Windows\system32\shlwapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff77140000
Library  C:\Windows\system32\windows.storage.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                        00007fff74a70000
Library  C:\Windows\system32\shell32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                                00007fff75390000
Library  C:\Windows\system32\LINKINFO.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016]                                                                                                                                               00007fff5ecb0000
Process  C:\Windows\system32\svchost.exe (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                 00007ff7756f0000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                   00007fff77df0000
Library  C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                00007fff77520000
Library  C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                              00007fff747d0000
Library  C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                 00007fff77270000
Library  C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                  00007fff76e70000
Library  C:\Windows\SYSTEM32\ucrtbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                00007fff73380000
Library  C:\Windows\system32\combase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                 00007fff77b50000
Library  C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                  00007fff769a0000
Library  C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                        00007fff750c0000
Library  C:\Windows\system32\kernel.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                          00007fff74440000
Library  C:\Windows\system32\user32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                  00007fff779f0000
Library  C:\Windows\system32\GDI32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                   00007fff775d0000
Library  c:\windows\system32\timebrokerserver.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                        00007fff71f50000
Library  C:\Windows\system32\powrprof.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                00007fff74450000
Library  c:\windows\system32\BrokerLib.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                               00007fff72a90000
Library  C:\Windows\SYSTEM32\bi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                      00007fff71c80000
Library  C:\Windows\system32\clbcatq.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                 00007fff768f0000
Library  C:\Windows\System32\execmodelclient.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                         00007fff63df0000
Library  C:\Windows\System32\CoreMessaging.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                           00007fff72510000
Library  C:\Windows\System32\twinapi.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                         00007fff72d00000
Library  C:\Windows\System32\bcrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                  00007fff74350000
Library  C:\Windows\system32\shcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                  00007fff75130000
Library  c:\windows\system32\fdrespub.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                00007fff65000000
Library  c:\windows\system32\wsdapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                  00007fff5a2d0000
Library  C:\Windows\system32\WS2_32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                  00007fff77830000
Library  C:\Windows\system32\NSI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                     00007fff77de0000
Library  C:\Windows\system32\FirewallAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                             00007fff749e0000
Library  c:\windows\system32\IPHLPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                00007fff6f7a0000
Library  c:\windows\system32\webservices.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                             00007fff62fd0000
Library  C:\Windows\system32\fwbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                  00007fff72f60000
Library  C:\Windows\System32\FunDisc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                 00007fff663c0000
Library  c:\windows\system32\dhcpcsvc6.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                               00007fff6f430000
Library  c:\windows\system32\dhcpcsvc.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                00007fff6f640000
Library  C:\Windows\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                 00007fff73ce0000
Library  C:\Windows\system32\wshqos.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                  00007fff67780000
Library  C:\Windows\system32\wshtcpip.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                00007fff67770000
Library  C:\Windows\system32\wship6.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                  00007fff67650000
Library  c:\windows\system32\WINNSI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                  00007fff70880000
Library  c:\windows\system32\WINHTTP.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                 00007fff70520000
Library  c:\windows\system32\HTTPAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                 00007fff640f0000
Library  c:\windows\system32\wkscli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                  00007fff6f410000
Library  c:\windows\system32\netutils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                00007fff73820000
Library  C:\Windows\System32\XmlLite.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                 00007fff71900000
Library  c:\windows\system32\CRYPTSP.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                 00007fff73d90000
Library  C:\Windows\system32\rsaenh.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                  00007fff73a20000
Library  C:\Windows\system32\CRYPTBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                               00007fff73eb0000
Library  c:\windows\system32\ssdpsrv.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                 00007fff61710000
Library  C:\Windows\system32\sspicli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564]                                                                                                                                                 00007fff74090000
Process  C:\Windows\system32\svchost.exe (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007ff7756f0000
Library  C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                   00007fff77df0000
Library  C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff77520000
Library  C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                              00007fff747d0000
Library  C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff77270000
Library  C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff76e70000
Library  C:\Windows\SYSTEM32\ucrtbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff73380000
Library  C:\Windows\system32\combase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff77b50000
Library  C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff769a0000
Library  C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                        00007fff750c0000
Library  C:\Windows\system32\kernel.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                          00007fff74440000
Library  C:\Windows\system32\user32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff779f0000
Library  C:\Windows\system32\GDI32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                   00007fff775d0000
Library  c:\windows\system32\es.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                      00007fff71f80000
Library  C:\Windows\system32\advapi32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff772d0000
Library  C:\Windows\system32\clbcatq.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff768f0000
Library  C:\Windows\system32\OLEAUT32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff771a0000
Library  C:\Windows\System32\Geolocation.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                             00007fff71800000
Library  C:\Windows\System32\USERENV.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff73b70000
Library  C:\Windows\System32\msvcp110_win.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                            00007fff71600000
Library  C:\Windows\System32\BiWinrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff715c0000
Library  C:\Windows\system32\profapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff74420000
Library  C:\Windows\SYSTEM32\twinapi.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                         00007fff72d00000
Library  C:\Windows\System32\bcrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff74350000
Library  C:\Windows\System32\deviceaccess.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                            00007fff71350000
Library  c:\windows\system32\nsisvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff70e80000
Library  C:\Windows\system32\NSI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                     00007fff77de0000
Library  c:\windows\system32\netprofmsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                             00007fff6f270000
Library  c:\windows\system32\nlaapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff722a0000
Library  C:\Windows\System32\npmproxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff6f260000
Library  C:\Windows\system32\ole32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                   00007fff778a0000
Library  c:\windows\system32\fntcache.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff6ee80000
Library  C:\Windows\system32\WlanRadioManager.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                        00007fff6ee40000
Library  C:\Windows\system32\IPHLPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff6f7a0000
Library  C:\Windows\system32\wlanapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff6f730000
Library  C:\Windows\System32\LocationFrameworkPS.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                     00007fff6f040000
Library  C:\Windows\system32\BthRadioMedia.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                           00007fff6edf0000
Library  C:\Windows\system32\cfgmgr32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff74780000
Library  C:\Windows\system32\DEVOBJ.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff72c10000
Library  C:\Windows\SYSTEM32\bluetoothapis.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                           00007fff6edd0000
Library  c:\windows\system32\FontProvider.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                            00007fff6ec70000
Library  C:\Windows\SYSTEM32\sxs.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                     00007fff742a0000
Library  C:\Windows\system32\WINNSI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff70880000
Library  C:\Windows\system32\WS2_32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff77830000
Library  C:\Windows\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff73ce0000
Library  C:\Windows\SYSTEM32\gpapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                   00007fff731e0000
Library  c:\windows\system32\winhttp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff70520000
Library  C:\Windows\system32\powrprof.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff74450000
Library  C:\Windows\system32\dhcpcsvc6.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                               00007fff6f430000
Library  C:\Windows\system32\dhcpcsvc.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff6f640000
Library  C:\Windows\system32\DNSAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff72b60000
Library  C:\Windows\System32\rasadhlp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff68890000
Library  c:\windows\system32\wdi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                     00007fff680b0000
Library  C:\Windows\system32\perftrack.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                               00007fff67790000
Library  c:\windows\system32\licensemanagersvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                       00007fff663b0000
Library  C:\Windows\system32\shcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff75130000
Library  c:\windows\system32\LicenseManager.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                          00007fff621f0000
Library  c:\windows\system32\CLIPC.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                   00007fff66670000
Library  C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                00007fff64ba0000
Library  C:\Windows\System32\wuapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                   00007fff62110000
Library  C:\Windows\system32\CRYPT32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff745b0000
Library  C:\Windows\system32\MSASN1.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff74410000
Library  C:\Windows\system32\WINTRUST.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff74550000
Library  C:\Windows\System32\UpdatePolicy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                            00007fff652f0000
Library  C:\Windows\System32\wups.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                    00007fff65b00000
Library  C:\Windows\System32\msxml6.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff65c60000
Library  C:\Windows\System32\Windows.Web.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                             00007fff6c170000
Library  C:\Windows\System32\iertutil.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff6bbf0000
Library  C:\Windows\system32\windows.storage.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                         00007fff74a70000
Library  C:\Windows\system32\shlwapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff77140000
Library  C:\Windows\system32\DPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                   00007fff73a60000
Library  C:\Windows\system32\CRYPTBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                               00007fff73eb0000
Library  C:\Windows\System32\ActXPrxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff70eb0000
Library  C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                00007fff645a0000
Library  C:\Windows\SYSTEM32\wintypes.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff73520000
Library  C:\Windows\SYSTEM32\msauserext.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                              00007fff650b0000
Library  C:\Windows\SYSTEM32\AuthBroker.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                              00007fff62c60000
Library  C:\Windows\SYSTEM32\wkscli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff6f410000
Library  C:\Windows\SYSTEM32\netutils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff73820000
Library  c:\windows\system32\webio.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                   00007fff64b20000
Library  c:\windows\system32\SspiCli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff74090000
Library  c:\windows\system32\fdphost.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff65400000
Library  C:\Windows\System32\fdwsd.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                   00007fff616a0000
Library  C:\Windows\System32\wsdapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff5a2d0000
Library  C:\Windows\system32\FirewallAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                             00007fff749e0000
Library  C:\Windows\System32\webservices.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                             00007fff62fd0000
Library  C:\Windows\system32\fwbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff72f60000
Library  C:\Windows\System32\fdssdp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff617a0000
Library  C:\Windows\System32\SSDPAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff6f450000
Library  c:\windows\system32\XmlLite.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff71900000
Library  C:\Windows\System32\fdproxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff616d0000
Library  C:\Windows\System32\CRYPTSP.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff73d90000
Library  C:\Windows\system32\rsaenh.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff73a20000
Library  C:\Windows\System32\fwpuclnt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff6ba70000
Library  C:\Windows\system32\schannel.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                00007fff73960000
Library  C:\Windows\SYSTEM32\mskeyprotect.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                            00007fff61620000
Library  C:\Windows\SYSTEM32\ncrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff73f80000
Library  C:\Windows\SYSTEM32\NTASN1.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                  00007fff73f40000
Library  C:\Windows\system32\ncryptsslp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                              00007fff628a0000
Library  C:\Windows\System32\FunDisc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696]                                                                                                                                                 00007fff663c0000
Library  C:\Windows\system32\propsys.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe
         

Alt 09.03.2016, 11:58   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Standard

Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert



Deine Linux-Logs hab ich ausgelagert => http://www.trojaner-board.de/176707-...lware-vbr.html

Was ist jetzt mit MBAR??!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert
anderen, bootkit, desktop, festplatte, folge, folgen, foren, hardware, hilft, infiziert, links, linux, löschen, malware, nemesis, neuinstallation, ordner, partition, platte, rechner, rootkit, sichtbar, systeme, thema, unmöglich, versteckte, ähnliches



Ähnliche Themen: Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert


  1. Malware in Firmware und Hardware
    Diskussionsforum - 18.08.2015 (26)
  2. Virus infiziert mehrere Systeme, verbreitet sich scheinbar auch übers Netzwerk. Virenprogramme "blind"
    Log-Analyse und Auswertung - 04.03.2015 (17)
  3. Malware für das Bios... gibt es Schutz?
    Antiviren-, Firewall- und andere Schutzprogramme - 02.01.2014 (8)
  4. Malware trotz OS X Internet Reccovery - VM Malware? Ubuntu in EFI ? Win7 im gleichen Netz infiziert
    Alles rund um Mac OSX & Linux - 26.06.2013 (5)
  5. Zeus Rundumschlag - BIOS infiziert, Android Handys, gehijacked
    Mülltonne - 20.04.2013 (15)
  6. Zeus Rundumschlag - BIOS infiziert, Android Handys, gehijacked
    Mülltonne - 10.04.2013 (2)
  7. PC infiziert mit Claro Search - Alle Bereinigungsmaßnahmen bisher erfolglos
    Plagegeister aller Art und deren Bekämpfung - 25.12.2012 (19)
  8. Windows 7; Alle Dlls infiziert
    Plagegeister aller Art und deren Bekämpfung - 30.09.2012 (3)
  9. Infiziert BKA Trojaner weitere Systeme?
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (4)
  10. (Unbekanntes) Bootkit
    Plagegeister aller Art und deren Bekämpfung - 12.10.2011 (6)
  11. alle dll´s infiziert. Tropper.Generic 3 u. Win32/zbot G
    Plagegeister aller Art und deren Bekämpfung - 10.05.2011 (15)
  12. 3 Systeme infiziert, auch Probleme mit der Registry
    Plagegeister aller Art und deren Bekämpfung - 08.10.2010 (6)
  13. Bootkit Remover
    Anleitungen, FAQs & Links - 30.05.2010 (1)
  14. BIOS/Firmware Virus/RK sehr hartnäckig und intelligent
    Plagegeister aller Art und deren Bekämpfung - 20.03.2010 (11)
  15. Notebook infiziert? Browser verweigern alle den Dienst
    Log-Analyse und Auswertung - 18.08.2009 (6)
  16. PC infiziert! Alle Töne verzerrt, Rechner langsam.
    Plagegeister aller Art und deren Bekämpfung - 03.02.2008 (2)
  17. W32.virut.w - alle exe-Dateien infiziert- brauchen Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 23.10.2007 (6)

Zum Thema Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert - Hallo, wir sind seid mehreren Mobaten mit dem oben genannten Bootkit infiziert. Betroffen sind 2 Laptops,1 Desktop Rechner iund ein Surface. Die Malware infiziert sowohl Linux als auch Windows. Formatierung - Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert...
Archiv
Du betrachtest: Bootkit Nemesis- Bios/Firmware Malware im VBR , alle Systeme infiziert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.