Discussion forum: Bootkit Nemesis - BIOS/firmware malware in the VBR, all systems infected (Windows 7)
#1
Bootkit Nemesis - BIOS/firmware malware in the VBR, all systems infected, PART 6
Code:
Library C:\Windows\system32\OLEAUT32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff771a0000
Library c:\windows\system32\profsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff72070000
Library c:\windows\system32\schedsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff71e50000
Library c:\windows\system32\UBPM.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff71c10000
Library c:\windows\system32\EventAggregation.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff74220000
Library c:\windows\system32\AUTHZ.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff73480000
Library C:\Windows\SYSTEM32\profsvcext.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff71880000
Library C:\Windows\system32\WLDAP32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff777d0000
Library c:\windows\system32\netutils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff73820000
Library C:\Windows\system32\SHELL32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff75390000
Library c:\windows\system32\logoncli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff716a0000
Library C:\Windows\system32\windows.storage.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff74a70000
Library C:\Windows\system32\advapi32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff772d0000
Library C:\Windows\system32\shlwapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff77140000
Library C:\Windows\system32\shcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff75130000
Library C:\Windows\System32\SspiCli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff74090000
Library c:\windows\system32\WMICLNT.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff70e90000
Library c:\windows\system32\sens.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff70e60000
Library C:\Windows\SYSTEM32\gpapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff731e0000
Library c:\windows\system32\usermgr.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff70b70000
Library C:\Windows\SYSTEM32\wintypes.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff73520000
Library c:\windows\system32\lfsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff70aa0000
Library c:\windows\system32\msvcp110_win.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff71600000
Library c:\windows\system32\LocationFramework.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff70890000
Library c:\windows\system32\BrokerLib.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff72a90000
Library C:\Windows\system32\CRYPT32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff745b0000
Library C:\Windows\system32\MSASN1.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff74410000
Library C:\Windows\system32\WS2_32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff77830000
Library c:\windows\system32\XmlLite.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff71900000
Library c:\windows\system32\WINHTTP.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff70520000
Library c:\windows\system32\wlanapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6f730000
Library c:\windows\system32\bcrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff74350000
Library c:\windows\system32\themeservice.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6f3c0000
Library C:\Windows\System32\usermgrproxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6f370000
Library C:\Windows\SYSTEM32\winsta.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff74240000
Library C:\Windows\system32\taskcomp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6f0f0000
Library C:\Windows\System32\LocationWinPalMisc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6ee60000
Library C:\Windows\System32\DEVOBJ.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff72c10000
Library C:\Windows\System32\npmproxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6f260000
Library c:\windows\system32\wkscli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6f410000
Library C:\Windows\SYSTEM32\WPTaskScheduler.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6ee10000
Library C:\Windows\SYSTEM32\CSystemEventsBrokerClient.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6f030000
Library C:\Windows\SYSTEM32\netjoin.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6f3e0000
Library C:\Windows\SYSTEM32\JoinUtil.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff73ef0000
Library C:\Windows\System32\PROPSYS.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff713c0000
Library C:\Windows\System32\GnssAdapter.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6e060000
Library C:\Windows\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff73ce0000
Library c:\windows\system32\wbem\wmisvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6e020000
Library C:\Windows\SYSTEM32\wbemcomn.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6ebf0000
Library c:\windows\system32\SAMLIB.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff71c60000
Library c:\windows\system32\WTSAPI32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff713a0000
Library C:\Windows\SYSTEM32\policymanager.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6dfb0000
Library C:\Windows\SYSTEM32\VSSAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6bf80000
Library C:\Windows\SYSTEM32\VssTrace.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6bae0000
Library c:\windows\system32\DABAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff72a50000
Library C:\Windows\system32\SETUPAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff76a40000
Library C:\Windows\system32\WINTRUST.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff74550000
Library C:\Windows\SYSTEM32\bi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff71c80000
Library C:\Windows\System32\Cabinet.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff69b70000
Library C:\Windows\System32\wer.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6b920000
Library C:\Windows\System32\DEVRTL.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6b9c0000
Library C:\Windows\SYSTEM32\samcli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff696d0000
Library c:\windows\system32\shsvcs.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff69560000
Library C:\Windows\SYSTEM32\wevtapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff71550000
Library c:\windows\system32\FVEAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff68f50000
Library C:\Windows\system32\wbem\wbemcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff68a90000
Library C:\Windows\system32\wbem\FastProx.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff68950000
Library C:\Windows\system32\wbem\esscli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff688d0000
Library C:\Windows\SYSTEM32\ondemandconnroutehelper.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff68310000
Library C:\Windows\SYSTEM32\IPHLPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6f7a0000
Library c:\windows\system32\srvsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff680d0000
Library C:\Windows\system32\NSI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff77de0000
Library c:\windows\system32\WINNSI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff70880000
Library C:\Windows\System32\ProximityService.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff68050000
Library c:\windows\system32\ikeext.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67c40000
Library c:\windows\system32\fwpuclnt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6ba70000
Library C:\Windows\system32\wbem\wbemsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67bd0000
Library c:\windows\system32\iphlpsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67660000
Library C:\Windows\system32\FirewallAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff749e0000
Library c:\windows\system32\rtutils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67630000
Library C:\Windows\system32\fwbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff72f60000
Library C:\Windows\system32\ProximityCommon.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff68010000
Library C:\Windows\system32\ProximityCommonPal.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67f40000
Library C:\Windows\system32\ProximityServicePAL.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67c30000
Library C:\Windows\SYSTEM32\dhcpcsvc6.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6f430000
Library C:\Windows\system32\wbem\wmiutils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67ba0000
Library C:\Windows\system32\sqmapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67b20000
Library C:\Windows\SYSTEM32\dhcpcsvc.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6f640000
Library C:\Windows\system32\SSCORE.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67b00000
Library C:\Windows\SYSTEM32\sscoreext.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67b90000
Library C:\Windows\system32\httpprxm.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67290000
Library C:\Windows\system32\adhsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67ae0000
Library C:\Windows\system32\wbem\repdrvfs.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67200000
Library C:\Windows\system32\mi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff671e0000
Library C:\Windows\system32\miutils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67180000
Library c:\windows\system32\CRYPTSP.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff73d90000
Library C:\Windows\SYSTEM32\httpprxc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff688c0000
Library C:\Windows\system32\wmidcom.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67150000
Library C:\Windows\system32\DPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff73a60000
Library C:\Windows\system32\rsaenh.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff73a20000
Library C:\Windows\system32\CRYPTBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff73eb0000
Library C:\Windows\system32\RESUTILS.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67050000
Library C:\Windows\system32\CLUSAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff66f10000
Library C:\Windows\system32\ncrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff73f80000
Library C:\Windows\system32\NTASN1.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff73f40000
Library C:\Windows\system32\DNSAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff72b60000
Library C:\Windows\system32\ACTIVEDS.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff66ec0000
Library C:\Windows\system32\adsldpc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff66c20000
Library C:\Windows\System32\rasadhlp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff68890000
Library C:\Windows\system32\ole32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff778a0000
Library C:\Windows\system32\ATL.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff666b0000
Library C:\Windows\SYSTEM32\sxs.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff742a0000
Library c:\windows\system32\WDSCORE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff66620000
Library C:\Windows\system32\NETAPI32.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff749c0000
Library C:\Windows\SYSTEM32\SECUR32.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff66380000
Library C:\Windows\system32\cscapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff66360000
Library C:\Windows\system32\FWPolicyIOMgr.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff68a50000
Library c:\windows\system32\HID.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff731d0000
Library C:\Windows\system32\wbem\wmiprvsd.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff659c0000
Library C:\Windows\SYSTEM32\NCObjAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff66130000
Library C:\Windows\system32\wbem\wbemess.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff65930000
Library C:\Windows\system32\wbem\ncprov.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff658f0000
Library C:\Windows\System32\wbem\krnlprov.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff670f0000
Library C:\Windows\System32\shacct.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff72000000
Library C:\Windows\system32\CredentialMigrationHandler.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67100000
Library C:\Windows\System32\iertutil.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6bbf0000
Library C:\Windows\SYSTEM32\mrmcorer.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6f470000
Library C:\Windows\SYSTEM32\usermgrcli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff721e0000
Library C:\Windows\SYSTEM32\Bcp47Langs.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff716e0000
Library c:\windows\system32\appinfo.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff631e0000
Library c:\windows\system32\apphelp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff729d0000
Library c:\windows\system32\wuaueng.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff61ed0000
Library c:\windows\system32\ESENT.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff672c0000
Library c:\windows\system32\UpdatePolicy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff652f0000
Library C:\Windows\SYSTEM32\wuuhext.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff61e60000
Library C:\Windows\SYSTEM32\WINSPOOL.DRV (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6b890000
Library C:\Windows\SYSTEM32\msi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff61a90000
Library C:\Windows\SYSTEM32\newdev.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff61dd0000
Library C:\Windows\SYSTEM32\UxTheme.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff72c40000
Library C:\Windows\system32\hnetcfg.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff64430000
Library C:\Windows\system32\NetSetupApi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff65910000
Library C:\Windows\system32\TetheringClient.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff62c40000
Library C:\Windows\System32\NetSetupShim.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff62590000
Library c:\windows\system32\NCI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff652e0000
Library C:\Windows\System32\winrnr.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff64020000
Library C:\Windows\system32\pnrpnsp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff61780000
Library C:\Windows\system32\napinsp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff61760000
Library C:\Windows\system32\SPINF.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff66690000
Library C:\Windows\system32\drvstore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff5a1f0000
Library c:\windows\system32\dosvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff61350000
Library c:\windows\system32\msvcp_win.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff669c0000
Library C:\Windows\System32\wuapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff62110000
Library C:\Windows\system32\upnp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff617c0000
Library C:\Windows\system32\SSDPAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6f450000
Library c:\windows\system32\SLC.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff72270000
Library c:\windows\system32\sppc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff720f0000
Library C:\Windows\system32\DMCmnUtils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff62550000
Library C:\Windows\System32\MbaeApiPublic.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff60f50000
Library C:\Windows\SYSTEM32\wwapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff61130000
Library c:\windows\system32\webservices.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff62fd0000
Library C:\Windows\system32\dssenh.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff61640000
Library c:\windows\system32\webio.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff64b20000
Library C:\Windows\system32\schannel.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff73960000
Library c:\windows\system32\VERSION.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff67760000
Library C:\Windows\System32\BitsProxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff60450000
Library C:\Windows\SYSTEM32\mskeyprotect.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff61620000
Library C:\Windows\system32\cryptnet.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff670b0000
Library C:\Windows\system32\ncryptsslp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff628a0000
Library c:\windows\system32\usocore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff59b00000
Library C:\Windows\System32\updatehandlers.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff59ab0000
Library C:\Windows\SYSTEM32\efswrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff73660000
Library C:\Windows\SYSTEM32\edputil.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff734d0000
Library c:\windows\system32\bdesvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff5b120000
Library c:\windows\system32\bcd.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff656e0000
Library c:\windows\system32\dsreg.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff5ea40000
Library C:\Windows\system32\coml2.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff77760000
Library C:\Windows\system32\wbem\wbemprox.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff6edb0000
Library C:\Windows\system32\es.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff71f80000
Library C:\Windows\System32\netshell.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1004] 00007fff5aa00000
Process C:\Windows\system32\svchost.exe (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007ff7756f0000
Library C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff77df0000
Library C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff77520000
Library C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff747d0000
Library C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff77270000
Library C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff76e70000
Library C:\Windows\SYSTEM32\ucrtbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff73380000
Library C:\Windows\system32\combase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff77b50000
Library C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff769a0000
Library C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff750c0000
Library C:\Windows\system32\kernel.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff74440000
Library C:\Windows\system32\user32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff779f0000
Library C:\Windows\system32\GDI32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff775d0000
Library c:\windows\system32\hidserv.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff725d0000
Library c:\windows\system32\HID.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff731d0000
Library C:\Windows\system32\cfgmgr32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff74780000
Library C:\Windows\SYSTEM32\winsta.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff74240000
Library C:\Windows\system32\SETUPAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff76a40000
Library C:\Windows\system32\DEVOBJ.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff72c10000
Library C:\Windows\system32\WINTRUST.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff74550000
Library C:\Windows\system32\MSASN1.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff74410000
Library C:\Windows\system32\CRYPT32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff745b0000
Library c:\windows\system32\audioendpointbuilder.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff6f160000
Library c:\windows\system32\bcrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff74350000
Library c:\windows\system32\MMDevAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff6f080000
Library c:\windows\system32\PROPSYS.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff713c0000
Library C:\Windows\system32\OLEAUT32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff771a0000
Library C:\Windows\system32\clbcatq.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff768f0000
Library C:\Windows\system32\powrprof.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff74450000
Library C:\Windows\SYSTEM32\wtsapi32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff713a0000
Library c:\windows\system32\pcasvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff68800000
Library C:\Windows\system32\advapi32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff772d0000
Library c:\windows\system32\apphelp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff729d0000
Library c:\windows\system32\USERENV.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff73b70000
Library C:\Windows\system32\profapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff74420000
Library c:\windows\system32\trkwks.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff687a0000
Library c:\windows\system32\sysmain.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff68120000
Library C:\Windows\SYSTEM32\ntmarta.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff73900000
Library C:\Windows\system32\sspicli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff74090000
Library C:\Windows\system32\WS2_32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff77830000
Library C:\Windows\System32\taskschd.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff72120000
Library C:\Windows\System32\XmlLite.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff71900000
Library c:\windows\system32\wdi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff680b0000
Library C:\Windows\system32\radardt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff67130000
Library C:\Windows\system32\bi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff71c80000
Library C:\Windows\system32\SystemEventsBrokerClient.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff663f0000
Library C:\Windows\system32\ole32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff778a0000
Library C:\Windows\system32\coml2.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff77760000
Library c:\windows\system32\ncbservice.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff5e9e0000
Library C:\Windows\system32\NSI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff77de0000
Library c:\windows\system32\IPHLPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff6f7a0000
Library c:\windows\system32\BrokerLib.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff72a90000
Library C:\Windows\System32\execmodelclient.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff63df0000
Library C:\Windows\System32\CoreMessaging.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff72510000
Library C:\Windows\SYSTEM32\httpprxc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff688c0000
Library C:\Windows\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff73ce0000
Library C:\Windows\System32\netprofm.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff721f0000
Library C:\Windows\System32\npmproxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff6f260000
Library C:\Windows\System32\ActXPrxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff70eb0000
Library C:\Windows\system32\pcadm.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff70620000
Library C:\Windows\system32\pcacli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff70610000
Library C:\Windows\system32\MPR.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff65670000
Library c:\windows\system32\das.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff614a0000
Library c:\windows\system32\CRYPTSP.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff73d90000
Library C:\Windows\system32\rsaenh.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff73a20000
Library C:\Windows\system32\CRYPTBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff73eb0000
Library C:\Windows\SYSTEM32\efswrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff73660000
Library C:\Windows\system32\SHCORE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff75130000
Library C:\Windows\SYSTEM32\wintypes.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff73520000
Library C:\Windows\SYSTEM32\edputil.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff734d0000
Library C:\Windows\system32\shlwapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff77140000
Library C:\Windows\system32\windows.storage.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff74a70000
Library C:\Windows\system32\shell32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff75390000
Library C:\Windows\system32\LINKINFO.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1016] 00007fff5ecb0000
Process C:\Windows\system32\svchost.exe (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007ff7756f0000
Library C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff77df0000
Library C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff77520000
Library C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff747d0000
Library C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff77270000
Library C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff76e70000
Library C:\Windows\SYSTEM32\ucrtbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff73380000
Library C:\Windows\system32\combase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff77b50000
Library C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff769a0000
Library C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff750c0000
Library C:\Windows\system32\kernel.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff74440000
Library C:\Windows\system32\user32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff779f0000
Library C:\Windows\system32\GDI32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff775d0000
Library c:\windows\system32\timebrokerserver.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff71f50000
Library C:\Windows\system32\powrprof.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff74450000
Library c:\windows\system32\BrokerLib.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff72a90000
Library C:\Windows\SYSTEM32\bi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff71c80000
Library C:\Windows\system32\clbcatq.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff768f0000
Library C:\Windows\System32\execmodelclient.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff63df0000
Library C:\Windows\System32\CoreMessaging.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff72510000
Library C:\Windows\System32\twinapi.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff72d00000
Library C:\Windows\System32\bcrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff74350000
Library C:\Windows\system32\shcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff75130000
Library c:\windows\system32\fdrespub.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff65000000
Library c:\windows\system32\wsdapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff5a2d0000
Library C:\Windows\system32\WS2_32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff77830000
Library C:\Windows\system32\NSI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff77de0000
Library C:\Windows\system32\FirewallAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff749e0000
Library c:\windows\system32\IPHLPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff6f7a0000
Library c:\windows\system32\webservices.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff62fd0000
Library C:\Windows\system32\fwbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff72f60000
Library C:\Windows\System32\FunDisc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff663c0000
Library c:\windows\system32\dhcpcsvc6.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff6f430000
Library c:\windows\system32\dhcpcsvc.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff6f640000
Library C:\Windows\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff73ce0000
Library C:\Windows\system32\wshqos.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff67780000
Library C:\Windows\system32\wshtcpip.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff67770000
Library C:\Windows\system32\wship6.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff67650000
Library c:\windows\system32\WINNSI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff70880000
Library c:\windows\system32\WINHTTP.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff70520000
Library c:\windows\system32\HTTPAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff640f0000
Library c:\windows\system32\wkscli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff6f410000
Library c:\windows\system32\netutils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff73820000
Library C:\Windows\System32\XmlLite.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff71900000
Library c:\windows\system32\CRYPTSP.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 
00007fff73d90000 Library C:\Windows\system32\rsaenh.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff73a20000 Library C:\Windows\system32\CRYPTBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff73eb0000 Library c:\windows\system32\ssdpsrv.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff61710000 Library C:\Windows\system32\sspicli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [564] 00007fff74090000 Process C:\Windows\system32\svchost.exe (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007ff7756f0000 Library C:\Windows\SYSTEM32\ntdll.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff77df0000 Library C:\Windows\system32\KERNEL32.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff77520000 Library C:\Windows\system32\KERNELBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff747d0000 Library C:\Windows\system32\sechost.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff77270000 Library C:\Windows\system32\RPCRT4.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff76e70000 Library C:\Windows\SYSTEM32\ucrtbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff73380000 Library C:\Windows\system32\combase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff77b50000 Library C:\Windows\system32\msvcrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff769a0000 Library C:\Windows\system32\bcryptPrimitives.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff750c0000 Library C:\Windows\system32\kernel.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff74440000 Library C:\Windows\system32\user32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff779f0000 Library C:\Windows\system32\GDI32.dll (*** suspicious ***) @ 
C:\Windows\system32\svchost.exe [696] 00007fff775d0000 Library c:\windows\system32\es.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff71f80000 Library C:\Windows\system32\advapi32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff772d0000 Library C:\Windows\system32\clbcatq.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff768f0000 Library C:\Windows\system32\OLEAUT32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff771a0000 Library C:\Windows\System32\Geolocation.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff71800000 Library C:\Windows\System32\USERENV.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff73b70000 Library C:\Windows\System32\msvcp110_win.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff71600000 Library C:\Windows\System32\BiWinrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff715c0000 Library C:\Windows\system32\profapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff74420000 Library C:\Windows\SYSTEM32\twinapi.appcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff72d00000 Library C:\Windows\System32\bcrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff74350000 Library C:\Windows\System32\deviceaccess.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff71350000 Library c:\windows\system32\nsisvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff70e80000 Library C:\Windows\system32\NSI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff77de0000 Library c:\windows\system32\netprofmsvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6f270000 Library c:\windows\system32\nlaapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff722a0000 Library C:\Windows\System32\npmproxy.dll 
(*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6f260000 Library C:\Windows\system32\ole32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff778a0000 Library c:\windows\system32\fntcache.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6ee80000 Library C:\Windows\system32\WlanRadioManager.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6ee40000 Library C:\Windows\system32\IPHLPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6f7a0000 Library C:\Windows\system32\wlanapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6f730000 Library C:\Windows\System32\LocationFrameworkPS.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6f040000 Library C:\Windows\system32\BthRadioMedia.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6edf0000 Library C:\Windows\system32\cfgmgr32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff74780000 Library C:\Windows\system32\DEVOBJ.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff72c10000 Library C:\Windows\SYSTEM32\bluetoothapis.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6edd0000 Library c:\windows\system32\FontProvider.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6ec70000 Library C:\Windows\SYSTEM32\sxs.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff742a0000 Library C:\Windows\system32\WINNSI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff70880000 Library C:\Windows\system32\WS2_32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff77830000 Library C:\Windows\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff73ce0000 Library C:\Windows\SYSTEM32\gpapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff731e0000 
Library c:\windows\system32\winhttp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff70520000 Library C:\Windows\system32\powrprof.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff74450000 Library C:\Windows\system32\dhcpcsvc6.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6f430000 Library C:\Windows\system32\dhcpcsvc.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6f640000 Library C:\Windows\system32\DNSAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff72b60000 Library C:\Windows\System32\rasadhlp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff68890000 Library c:\windows\system32\wdi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff680b0000 Library C:\Windows\system32\perftrack.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff67790000 Library c:\windows\system32\licensemanagersvc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff663b0000 Library C:\Windows\system32\shcore.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff75130000 Library c:\windows\system32\LicenseManager.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff621f0000 Library c:\windows\system32\CLIPC.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff66670000 Library C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff64ba0000 Library C:\Windows\System32\wuapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff62110000 Library C:\Windows\system32\CRYPT32.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff745b0000 Library C:\Windows\system32\MSASN1.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff74410000 Library C:\Windows\system32\WINTRUST.dll (*** suspicious ***) @ 
C:\Windows\system32\svchost.exe [696] 00007fff74550000 Library C:\Windows\System32\UpdatePolicy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff652f0000 Library C:\Windows\System32\wups.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff65b00000 Library C:\Windows\System32\msxml6.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff65c60000 Library C:\Windows\System32\Windows.Web.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6c170000 Library C:\Windows\System32\iertutil.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6bbf0000 Library C:\Windows\system32\windows.storage.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff74a70000 Library C:\Windows\system32\shlwapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff77140000 Library C:\Windows\system32\DPAPI.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff73a60000 Library C:\Windows\system32\CRYPTBASE.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff73eb0000 Library C:\Windows\System32\ActXPrxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff70eb0000 Library C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff645a0000 Library C:\Windows\SYSTEM32\wintypes.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff73520000 Library C:\Windows\SYSTEM32\msauserext.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff650b0000 Library C:\Windows\SYSTEM32\AuthBroker.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff62c60000 Library C:\Windows\SYSTEM32\wkscli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6f410000 Library C:\Windows\SYSTEM32\netutils.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff73820000 
Library c:\windows\system32\webio.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff64b20000 Library c:\windows\system32\SspiCli.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff74090000 Library c:\windows\system32\fdphost.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff65400000 Library C:\Windows\System32\fdwsd.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff616a0000 Library C:\Windows\System32\wsdapi.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff5a2d0000 Library C:\Windows\system32\FirewallAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff749e0000 Library C:\Windows\System32\webservices.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff62fd0000 Library C:\Windows\system32\fwbase.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff72f60000 Library C:\Windows\System32\fdssdp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff617a0000 Library C:\Windows\System32\SSDPAPI.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6f450000 Library c:\windows\system32\XmlLite.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff71900000 Library C:\Windows\System32\fdproxy.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff616d0000 Library C:\Windows\System32\CRYPTSP.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff73d90000 Library C:\Windows\system32\rsaenh.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff73a20000 Library C:\Windows\System32\fwpuclnt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff6ba70000 Library C:\Windows\system32\schannel.DLL (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff73960000 Library C:\Windows\SYSTEM32\mskeyprotect.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 
00007fff61620000 Library C:\Windows\SYSTEM32\ncrypt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff73f80000 Library C:\Windows\SYSTEM32\NTASN1.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff73f40000 Library C:\Windows\system32\ncryptsslp.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff628a0000 Library C:\Windows\System32\FunDisc.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [696] 00007fff663c0000 Library C:\Windows\system32\propsys.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe |
#2

Bootkit Nemesis - BIOS/firmware malware in the VBR, all systems infected

At least 10 more parts of the GMER log are still missing, but I'll stop it at this point...

__________________

Ubuntu is also affected by the bootkit, like all Linux systems I have tried so far. Only the client's access runs via SSH and Samba, even when I stop the associated services and uninstall the programs. MBRR finds nothing, even when I run it from a write-protected CD, but I can run it again anyway. A bit of patience, I have to reinstall Win10 yet again... Here briefly a somewhat older one:

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.02.26.05
  rootkit: v2016.02.17.01

Windows 10 x86 NTFS
Internet Explorer 11.0.10586.0
dennis :: DESKTOP-UVJEAAF [administrator]

26.02.2016 19:32:03
mbar-log-2016-02-26 (19-32-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 282860
Time elapsed: 9 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
RogueKiller V11.0.13.0 [Feb 22 2016] (Free) by Adlice Software
Mail : hxxp://www.adlice.com/contact/
Feedback : hxxp://forum.adlice.com
Website : hxxp://www.adlice.com/software/roguekiller/
Blog : hxxp://www.adlice.com

Betriebssystem : Windows 10 (10.0.10586) 32 bits version
gestarted in : normaler Modus
User : dennis [Administrator]
Started from : C:\Users\dennis\Desktop\Sonstiges\RogueKiller.exe
Modus : Scannen -- Datum : 02/26/2016 19:24:11

¤¤¤ Prozesse : 1 ¤¤¤
[Suspicious.Path] JQAQZP.exe(3140) -- C:\Users\dennis\AppData\Local\Temp\JQAQZP.exe[-] -> beendet [TermThr]

¤¤¤ Registry : 11 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Partner -> Gefunden
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\JQAQZP (C:\Users\dennis\AppData\Local\Temp\JQAQZP.exe) -> Gefunden
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ZXWAIKD (C:\Users\dennis\AppData\Local\Temp\ZXWAIKD.exe) -> Gefunden
[Suspicious.Path|Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\dennis\AppData\Local\Temp\aswMBR.sys) -> Gefunden
[Suspicious.Path|Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\dennis\AppData\Local\Temp\aswVmm.sys) -> Gefunden
[Suspicious.Path|Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pwwdqpod (\??\C:\Users\dennis\AppData\Local\Temp\pwwdqpod.sys) -> Gefunden
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JQAQZP (C:\Users\dennis\AppData\Local\Temp\JQAQZP.exe) -> Gefunden
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ZXWAIKD (C:\Users\dennis\AppData\Local\Temp\ZXWAIKD.exe) -> Gefunden
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\dennis\AppData\Local\Temp\aswMBR.sys) -> Gefunden
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\dennis\AppData\Local\Temp\aswVmm.sys) -> Gefunden
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwwdqpod (\??\C:\Users\dennis\AppData\Local\Temp\pwwdqpod.sys) -> Gefunden

¤¤¤ Aufgaben : 0 ¤¤¤

¤¤¤ Dateien : 0 ¤¤¤

¤¤¤ Host Dateien : 0 ¤¤¤

¤¤¤ Antirootkit : 41 (Driver: geladen) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwThawTransactions[32] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86322052 (jmp dword [0x81a932b8])
[SSDT:Inl(Hook.SSDT)] ZwSinglePhaseReject[44] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631e6a6 (jmp dword [0x81a932f8])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationTransactionManager[73] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86322d24 (jmp dword [0x81a932fc])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationTransaction[74] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86321d12 (jmp dword [0x81a932bc])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationResourceManager[77] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631f0a6 (jmp dword [0x81a932c0])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationEnlistment[83] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631dfb8 (jmp dword [0x81a932c4])
[SSDT:Inl(Hook.SSDT)] ZwRollforwardTransactionManager[104] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8632269a (jmp dword [0x81a93310])
[SSDT:Inl(Hook.SSDT)] ZwRollbackTransaction[105] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86321ca8 (jmp dword [0x81a932c8])
[SSDT:Inl(Hook.SSDT)] ZwRollbackEnlistment[106] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631e3c6 (jmp dword [0x81a932cc])
[SSDT:Inl(Hook.SSDT)] ZwRollbackComplete[107] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631e812 (jmp dword [0x81a932d0])
[SSDT:Inl(Hook.SSDT)] ZwRenameTransactionManager[122] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86322532 (jmp dword [0x81a93314])
[SSDT:Inl(Hook.SSDT)] ZwRegisterProtocolAddressInformation[132] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86322e62 (jmp dword [0x81a93318])
[SSDT:Inl(Hook.SSDT)] ZwRecoverTransactionManager[133] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86322752 (jmp dword [0x81a932d4])
[SSDT:Inl(Hook.SSDT)] ZwRecoverResourceManager[134] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631ed32 (jmp dword [0x81a932d8])
[SSDT:Inl(Hook.SSDT)] ZwRecoverEnlistment[135] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631dcfe (jmp dword [0x81a932dc])
[SSDT:Inl(Hook.SSDT)] ZwReadOnlyEnlistment[138] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631e75c (jmp dword [0x81a93334])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationTransactionManager[176] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff863227ae (jmp dword [0x81a93338])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationTransaction[177] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86321470 (jmp dword [0x81a9333c])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationResourceManager[180] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631ee98 (jmp dword [0x81a93340])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationEnlistment[185] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631dd5a (jmp dword [0x81a93344])
[SSDT:Inl(Hook.SSDT)] ZwPropagationFailed[201] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff863230f0 (jmp dword [0x81a93348])
[SSDT:Inl(Hook.SSDT)] ZwPropagationComplete[202] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86323026 (jmp dword [0x81a9334c])
[SSDT:Inl(Hook.SSDT)] ZwPrePrepareEnlistment[207] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631e256 (jmp dword [0x81a93358])
[SSDT:Inl(Hook.SSDT)] ZwPrePrepareComplete[208] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631e536 (jmp dword [0x81a9335c])
[SSDT:Inl(Hook.SSDT)] ZwPrepareEnlistment[209] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631e19e (jmp dword [0x81a93350])
[SSDT:Inl(Hook.SSDT)] ZwPrepareComplete[210] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631e47e (jmp dword [0x81a93354])
[SSDT:Inl(Hook.SSDT)] ZwOpenTransactionManager[213] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff863222c0 (jmp dword [0x81a93360])
[SSDT:Inl(Hook.SSDT)] ZwOpenTransaction[214] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86321272 (jmp dword [0x81a93364])
[SSDT:Inl(Hook.SSDT)] ZwOpenResourceManager[223] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631eb7e (jmp dword [0x81a93368])
[SSDT:Inl(Hook.SSDT)] ZwOpenEnlistment[241] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631db5a (jmp dword [0x81a9336c])
[SSDT:Inl(Hook.SSDT)] ZwGetNotificationResourceManager[277] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631ed8c (jmp dword [0x81a93370])
[SSDT:Inl(Hook.SSDT)] ZwFreezeTransactions[289] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86321f7a (jmp dword [0x81a93374])
[SSDT:Inl(Hook.SSDT)] ZwFlushWriteBuffer[293] : C:\Windows\System32\halmacpi.dll @ 0xffffffff81826d46 (call dword [0x81a93134])
[SSDT:Inl(Hook.SSDT)] ZwEnumerateTransactionObject[307] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86321a30 (jmp dword [0x81a93330])
[SSDT:Inl(Hook.SSDT)] ZwCreateTransactionManager[338] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff863220a8 (jmp dword [0x81a9332c])
[SSDT:Inl(Hook.SSDT)] ZwCreateTransaction[339] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86320f56 (jmp dword [0x81a93328])
[SSDT:Inl(Hook.SSDT)] ZwCreateResourceManager[349] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631e8c8 (jmp dword [0x81a93324])
[SSDT:Inl(Hook.SSDT)] ZwCreateEnlistment[371] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631d958 (jmp dword [0x81a932f4])
[SSDT:Inl(Hook.SSDT)] ZwCommitTransaction[383] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff86321c3e (jmp dword [0x81a932f0])
[SSDT:Inl(Hook.SSDT)] ZwCommitEnlistment[384] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631e30e (jmp dword [0x81a932ec])
[SSDT:Inl(Hook.SSDT)] ZwCommitComplete[385] : C:\Windows\System32\drivers\tm.sys @ 0xffffffff8631e5ee (jmp dword [0x81a932e8])

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-60U6AA0 ATA Device +++++
--- User ---
[MBR] 460fec65a733cabb21d0dda791f6f41c
[BSP] 81052d5fb4596d0fffc65f9b899d6319 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 99499 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK