Redirect to Epoclick, Gomeo, google analytics, google websites, google of other countries
Windows 7
So, the error occurs in both browsers. I have now run GMER, and this is the result.

GMER Logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-23 17:03:29
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.CC38
Running: b3hwvs0b.exe; Driver: C:\Users\Nico\AppData\Local\Temp\fwtdqpog.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0x885CB68A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x885CB612]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x885CB6C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x885CB64E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x885CB69E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x885CB662]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x885CB63A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x885CB626]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x885CB6F7]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x885CB6DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x885CB6B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82A34138 5 Bytes JMP 885CB6B8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82A4C589 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A71092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\services.exe[504] kernel32.dll!GetStartupInfoA 778A1DF0 5 Bytes JMP 00230FA5 .text C:\Windows\system32\services.exe[504] kernel32.dll!CreateProcessW 778A202D 5 Bytes JMP 00230F5E .text C:\Windows\system32\services.exe[504] kernel32.dll!CreateProcessA 778A2062 5 Bytes JMP 00230F79 .text C:\Windows\system32\services.exe[504] kernel32.dll!CreateNamedPipeW 778D1FD6 5 Bytes JMP 00230FDB .text C:\Windows\system32\services.exe[504] kernel32.dll!CreatePipe 778D4A8B 5 Bytes JMP 002300C4 .text C:\Windows\system32\services.exe[504] kernel32.dll!VirtualProtect 778E50AB 5 Bytes JMP 00230098 .text C:\Windows\system32\services.exe[504] kernel32.dll!LoadLibraryExW 778EB6BF 5 Bytes JMP 00230FB6 .text C:\Windows\system32\services.exe[504] kernel32.dll!LoadLibraryExA 778EBC8B 5 Bytes JMP 00230073 .text C:\Windows\system32\services.exe[504] kernel32.dll!CreateFileW 778F0B7D 5 Bytes JMP 00230011 .text C:\Windows\system32\services.exe[504] kernel32.dll!GetProcAddress 778F1857 5 Bytes JMP 00230F39 .text C:\Windows\system32\services.exe[504] kernel32.dll!LoadLibraryA 778F2884 5 Bytes JMP 00230051 .text C:\Windows\system32\services.exe[504] kernel32.dll!LoadLibraryW 778F28D2 5 Bytes JMP 00230062 .text C:\Windows\system32\services.exe[504] kernel32.dll!CreateFileA 778F291C 5 Bytes JMP 00230000 .text C:\Windows\system32\services.exe[504] kernel32.dll!GetStartupInfoW 778F7CD5 5 Bytes JMP 002300E9 .text C:\Windows\system32\services.exe[504] kernel32.dll!CreateNamedPipeA 7792D5BF 5 Bytes JMP 00230022 .text C:\Windows\system32\services.exe[504] kernel32.dll!WinExec 7792E76D 5 Bytes JMP 00230F8A .text C:\Windows\system32\services.exe[504] kernel32.dll!VirtualProtectEx 7792F729 5 
Bytes JMP 002300A9 .text C:\Windows\system32\services.exe[504] msvcrt.dll!_open 773D7E48 5 Bytes JMP 001E0FEF .text C:\Windows\system32\services.exe[504] msvcrt.dll!_wsystem 7740B04F 5 Bytes JMP 001E004E .text C:\Windows\system32\services.exe[504] msvcrt.dll!system 7740B16F 5 Bytes JMP 001E003D .text C:\Windows\system32\services.exe[504] msvcrt.dll!_creat 7740ED29 5 Bytes JMP 001E0FDE .text C:\Windows\system32\services.exe[504] msvcrt.dll!_wcreat 7741038E 5 Bytes JMP 001E0FC3 .text C:\Windows\system32\services.exe[504] msvcrt.dll!_wopen 77410570 5 Bytes JMP 001E0018 .text C:\Windows\system32\services.exe[504] ADVAPI32.dll!RegOpenKeyA 763DD2ED 5 Bytes JMP 001D000A .text C:\Windows\system32\services.exe[504] ADVAPI32.dll!RegCreateKeyA 763DD3C1 5 Bytes JMP 001D0025 .text C:\Windows\system32\services.exe[504] ADVAPI32.dll!RegCreateKeyExA 763E1B71 5 Bytes JMP 001D0F94 .text C:\Windows\system32\services.exe[504] ADVAPI32.dll!RegCreateKeyW 763E1CC0 5 Bytes JMP 001D0036 .text C:\Windows\system32\services.exe[504] ADVAPI32.dll!RegOpenKeyW 763E3129 5 Bytes JMP 001D0FE5 .text C:\Windows\system32\services.exe[504] ADVAPI32.dll!RegCreateKeyExW 763EB946 5 Bytes JMP 001D0F79 .text C:\Windows\system32\services.exe[504] ADVAPI32.dll!RegOpenKeyExA 763EBC0D 5 Bytes JMP 001D0FD4 .text C:\Windows\system32\services.exe[504] ADVAPI32.dll!RegOpenKeyExW 763EBEC4 5 Bytes JMP 001D0FB9 .text C:\Windows\system32\services.exe[504] WS2_32.dll!socket 76493F00 5 Bytes JMP 00240000 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!GetStartupInfoA 778A1DF0 5 Bytes JMP 000B0076 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateProcessW 778A202D 5 Bytes JMP 000B00D1 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateProcessA 778A2062 5 Bytes JMP 000B0F3C .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateNamedPipeW 778D1FD6 5 Bytes JMP 000B0FD4 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreatePipe 778D4A8B 5 Bytes JMP 000B0F4D .text 
C:\Windows\system32\lsass.exe[556] kernel32.dll!VirtualProtect 778E50AB 5 Bytes JMP 000B0065 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryExW 778EB6BF 5 Bytes JMP 000B0F8D .text C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryExA 778EBC8B 5 Bytes JMP 000B0F9E .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateFileW 778F0B7D 5 Bytes JMP 000B0000 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!GetProcAddress 778F1857 5 Bytes JMP 000B0F21 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryA 778F2884 5 Bytes JMP 000B0FB9 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryW 778F28D2 5 Bytes JMP 000B0040 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateFileA 778F291C 5 Bytes JMP 000B0FEF .text C:\Windows\system32\lsass.exe[556] kernel32.dll!GetStartupInfoW 778F7CD5 5 Bytes JMP 000B009B .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateNamedPipeA 7792D5BF 5 Bytes JMP 000B001B .text C:\Windows\system32\lsass.exe[556] kernel32.dll!WinExec 7792E76D 5 Bytes JMP 000B00B6 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!VirtualProtectEx 7792F729 5 Bytes JMP 000B0F68 .text C:\Windows\system32\lsass.exe[556] msvcrt.dll!_open 773D7E48 5 Bytes JMP 000A0FEF .text C:\Windows\system32\lsass.exe[556] msvcrt.dll!_wsystem 7740B04F 5 Bytes JMP 000A0038 .text C:\Windows\system32\lsass.exe[556] msvcrt.dll!system 7740B16F 5 Bytes JMP 000A0FAD .text C:\Windows\system32\lsass.exe[556] msvcrt.dll!_creat 7740ED29 5 Bytes JMP 000A000C .text C:\Windows\system32\lsass.exe[556] msvcrt.dll!_wcreat 7741038E 5 Bytes JMP 000A0027 .text C:\Windows\system32\lsass.exe[556] msvcrt.dll!_wopen 77410570 5 Bytes JMP 000A0FD2 .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegOpenKeyA 763DD2ED 5 Bytes JMP 00080FEF .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegCreateKeyA 763DD3C1 5 Bytes JMP 00080F9E .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegCreateKeyExA 763E1B71 5 Bytes JMP 00080025 
.text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegCreateKeyW 763E1CC0 5 Bytes JMP 00080F8D .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegOpenKeyW 763E3129 5 Bytes JMP 00080FD4 .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegCreateKeyExW 763EB946 5 Bytes JMP 00080F68 .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegOpenKeyExA 763EBC0D 5 Bytes JMP 00080FC3 .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegOpenKeyExW 763EBEC4 5 Bytes JMP 0008000A .text C:\Windows\system32\lsass.exe[556] WS2_32.dll!socket 76493F00 5 Bytes JMP 00090000 .text C:\Windows\system32\svchost.exe[656] kernel32.dll!GetStartupInfoA 778A1DF0 5 Bytes JMP 00340062 .text C:\Windows\system32\svchost.exe[656] kernel32.dll!CreateProcessW 778A202D 5 Bytes JMP 00340F03 .text C:\Windows\system32\svchost.exe[656] kernel32.dll!CreateProcessA 778A2062 5 Bytes JMP 00340F14 .text C:\Windows\system32\svchost.exe[656] kernel32.dll!CreateNamedPipeW 778D1FD6 5 Bytes JMP 00340FB2 .text C:\Windows\system32\svchost.exe[656] kernel32.dll!CreatePipe 778D4A8B 5 Bytes JMP 00340051 .text C:\Windows\system32\svchost.exe[656] kernel32.dll!VirtualProtect 778E50AB 5 Bytes JMP 00340F4D .text C:\Windows\system32\svchost.exe[656] kernel32.dll!LoadLibraryExW 778EB6BF 5 Bytes JMP 00340025 .text C:\Windows\system32\svchost.exe[656] kernel32.dll!LoadLibraryExA 778EBC8B 5 Bytes JMP 00340014 .text C:\Windows\system32\svchost.exe[656] kernel32.dll!CreateFileW 778F0B7D 5 Bytes JMP 00340FDE .text C:\Windows\system32\svchost.exe[656] kernel32.dll!GetProcAddress 778F1857 5 Bytes JMP 00340EF2 .text C:\Windows\system32\svchost.exe[656] kernel32.dll!LoadLibraryA 778F2884 5 Bytes JMP 00340F97 .text C:\Windows\system32\svchost.exe[656] kernel32.dll!LoadLibraryW 778F28D2 5 Bytes JMP 00340F7C .text C:\Windows\system32\svchost.exe[656] kernel32.dll!CreateFileA 778F291C 5 Bytes JMP 00340FEF .text C:\Windows\system32\svchost.exe[656] kernel32.dll!GetStartupInfoW 778F7CD5 5 Bytes JMP 0034007D .text 
C:\Windows\system32\svchost.exe[656] kernel32.dll!CreateNamedPipeA 7792D5BF 5 Bytes JMP 00340FCD .text C:\Windows\system32\svchost.exe[656] kernel32.dll!WinExec 7792E76D 5 Bytes JMP 0034008E .text C:\Windows\system32\svchost.exe[656] kernel32.dll!VirtualProtectEx 7792F729 5 Bytes JMP 00340040 .text C:\Windows\system32\svchost.exe[656] msvcrt.dll!_open 773D7E48 5 Bytes JMP 00270FEF .text C:\Windows\system32\svchost.exe[656] msvcrt.dll!_wsystem 7740B04F 5 Bytes JMP 00270F90 .text C:\Windows\system32\svchost.exe[656] msvcrt.dll!system 7740B16F 5 Bytes JMP 00270FA1 .text C:\Windows\system32\svchost.exe[656] msvcrt.dll!_creat 7740ED29 5 Bytes JMP 00270000 .text C:\Windows\system32\svchost.exe[656] msvcrt.dll!_wcreat 7741038E 5 Bytes JMP 00270011 .text C:\Windows\system32\svchost.exe[656] msvcrt.dll!_wopen 77410570 5 Bytes JMP 00270FC6 .text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegOpenKeyA 763DD2ED 5 Bytes JMP 00250FE5 .text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegCreateKeyA 763DD3C1 5 Bytes JMP 00250014 .text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegCreateKeyExA 763E1B71 5 Bytes JMP 00250040 .text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegCreateKeyW 763E1CC0 5 Bytes JMP 0025002F .text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegOpenKeyW 763E3129 5 Bytes JMP 00250FCA .text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegCreateKeyExW 763EB946 5 Bytes JMP 00250065 .text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegOpenKeyExA 763EBC0D 5 Bytes JMP 00250FB9 .text C:\Windows\system32\svchost.exe[656] ADVAPI32.dll!RegOpenKeyExW 763EBEC4 5 Bytes JMP 00250FA8 .text C:\Windows\system32\svchost.exe[656] WS2_32.dll!socket 76493F00 5 Bytes JMP 0026000A .text C:\Windows\system32\svchost.exe[736] kernel32.dll!GetStartupInfoA 778A1DF0 5 Bytes JMP 00410F80 .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CreateProcessW 778A202D 5 Bytes JMP 00410F4A .text C:\Windows\system32\svchost.exe[736] 
kernel32.dll!CreateProcessA 778A2062 5 Bytes JMP 004100DF .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CreateNamedPipeW 778D1FD6 5 Bytes JMP 00410047 .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CreatePipe 778D4A8B 5 Bytes JMP 004100A9 .text C:\Windows\system32\svchost.exe[736] kernel32.dll!VirtualProtect 778E50AB 5 Bytes JMP 00410098 .text C:\Windows\system32\svchost.exe[736] kernel32.dll!LoadLibraryExW 778EB6BF 5 Bytes JMP 00410FC0 .text C:\Windows\system32\svchost.exe[736] kernel32.dll!LoadLibraryExA 778EBC8B 5 Bytes JMP 00410087 .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CreateFileW 778F0B7D 5 Bytes JMP 0041001B .text C:\Windows\system32\svchost.exe[736] kernel32.dll!GetProcAddress 778F1857 5 Bytes JMP 00410F2F .text C:\Windows\system32\svchost.exe[736] kernel32.dll!LoadLibraryA 778F2884 5 Bytes JMP 00410FDB .text C:\Windows\system32\svchost.exe[736] kernel32.dll!LoadLibraryW 778F28D2 5 Bytes JMP 0041006C .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CreateFileA 778F291C 5 Bytes JMP 0041000A .text C:\Windows\system32\svchost.exe[736] kernel32.dll!GetStartupInfoW 778F7CD5 5 Bytes JMP 004100C4 .text C:\Windows\system32\svchost.exe[736] kernel32.dll!CreateNamedPipeA 7792D5BF 5 Bytes JMP 00410036 .text C:\Windows\system32\svchost.exe[736] kernel32.dll!WinExec 7792E76D 5 Bytes JMP 00410F65 .text C:\Windows\system32\svchost.exe[736] kernel32.dll!VirtualProtectEx 7792F729 5 Bytes JMP 00410F9B .text C:\Windows\system32\svchost.exe[736] msvcrt.dll!_open 773D7E48 5 Bytes JMP 003C000C .text C:\Windows\system32\svchost.exe[736] msvcrt.dll!_wsystem 7740B04F 5 Bytes JMP 003C0FA6 .text C:\Windows\system32\svchost.exe[736] msvcrt.dll!system 7740B16F 5 Bytes JMP 003C0FB7 .text C:\Windows\system32\svchost.exe[736] msvcrt.dll!_creat 7740ED29 5 Bytes JMP 003C0027 .text C:\Windows\system32\svchost.exe[736] msvcrt.dll!_wcreat 7741038E 5 Bytes JMP 003C0FC8 .text C:\Windows\system32\svchost.exe[736] msvcrt.dll!_wopen 77410570 5 Bytes JMP 
003C0FE3 .text C:\Windows\system32\svchost.exe[736] ADVAPI32.dll!RegOpenKeyA 763DD2ED 5 Bytes JMP 00360000 .text C:\Windows\system32\svchost.exe[736] ADVAPI32.dll!RegCreateKeyA 763DD3C1 5 Bytes JMP 0036002C .text C:\Windows\system32\svchost.exe[736] ADVAPI32.dll!RegCreateKeyExA 763E1B71 5 Bytes JMP 00360F94 .text C:\Windows\system32\svchost.exe[736] ADVAPI32.dll!RegCreateKeyW 763E1CC0 5 Bytes JMP 00360FAF .text C:\Windows\system32\svchost.exe[736] ADVAPI32.dll!RegOpenKeyW 763E3129 5 Bytes JMP 0036001B .text C:\Windows\system32\svchost.exe[736] ADVAPI32.dll!RegCreateKeyExW 763EB946 5 Bytes JMP 00360051 .text C:\Windows\system32\svchost.exe[736] ADVAPI32.dll!RegOpenKeyExA 763EBC0D 5 Bytes JMP 00360FE5 .text C:\Windows\system32\svchost.exe[736] ADVAPI32.dll!RegOpenKeyExW 763EBEC4 5 Bytes JMP 00360FCA .text C:\Windows\system32\svchost.exe[736] WS2_32.dll!socket 76493F00 5 Bytes JMP 00370FE5 .text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetStartupInfoA 778A1DF0 5 Bytes JMP 00360091 .text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateProcessW 778A202D 5 Bytes JMP 003600DB .text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateProcessA 778A2062 5 Bytes JMP 00360F46 .text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateNamedPipeW 778D1FD6 5 Bytes JMP 00360025 .text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreatePipe 778D4A8B 5 Bytes JMP 00360080 .text C:\Windows\system32\svchost.exe[752] kernel32.dll!VirtualProtect 778E50AB 5 Bytes JMP 00360F8D .text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryExW 778EB6BF 5 Bytes JMP 00360F9E .text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryExA 778EBC8B 5 Bytes JMP 0036005B .text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateFileW 778F0B7D 5 Bytes JMP 00360FE5 .text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetProcAddress 778F1857 5 Bytes JMP 00360F35 .text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryA 778F2884 5 Bytes JMP 
00360040 .text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryW 778F28D2 5 Bytes JMP 00360FB9 .text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateFileA 778F291C 5 Bytes JMP 0036000A .text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetStartupInfoW 778F7CD5 5 Bytes JMP 003600AC .text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateNamedPipeA 7792D5BF 5 Bytes JMP 00360FD4 .text C:\Windows\system32\svchost.exe[752] kernel32.dll!WinExec 7792E76D 5 Bytes JMP 00360F57 .text C:\Windows\system32\svchost.exe[752] kernel32.dll!VirtualProtectEx 7792F729 5 Bytes JMP 00360F72 .text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_open 773D7E48 5 Bytes JMP 00340FE3 .text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wsystem 7740B04F 5 Bytes JMP 0034002E .text C:\Windows\system32\svchost.exe[752] msvcrt.dll!system 7740B16F 5 Bytes JMP 0034001D .text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_creat 7740ED29 5 Bytes JMP 00340FC1 .text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wcreat 7741038E 5 Bytes JMP 0034000C .text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wopen 77410570 5 Bytes JMP 00340FD2 .text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyA 763DD2ED 5 Bytes JMP 00330000 .text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyA 763DD3C1 5 Bytes JMP 00330F9E .text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyExA 763E1B71 5 Bytes JMP 00330F79 .text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyW 763E1CC0 5 Bytes JMP 0033001B .text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyW 763E3129 5 Bytes JMP 00330FE5 .text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyExW 763EB946 5 Bytes JMP 00330040 .text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyExA 763EBC0D 5 Bytes JMP 00330FCA .text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyExW 763EBEC4 5 Bytes JMP 00330FAF .text C:\Windows\System32\svchost.exe[828] 
kernel32.dll!GetStartupInfoA 778A1DF0 5 Bytes JMP 010B0F5E .text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateProcessW 778A202D 5 Bytes JMP 010B0F06 .text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateProcessA 778A2062 5 Bytes JMP 010B0F17 .text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateNamedPipeW 778D1FD6 5 Bytes JMP 010B0FB9 .text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreatePipe 778D4A8B 5 Bytes JMP 010B0087 .text C:\Windows\System32\svchost.exe[828] kernel32.dll!VirtualProtect 778E50AB 5 Bytes JMP 010B006C .text C:\Windows\System32\svchost.exe[828] kernel32.dll!LoadLibraryExW 778EB6BF 5 Bytes JMP 010B0051 .text C:\Windows\System32\svchost.exe[828] kernel32.dll!LoadLibraryExA 778EBC8B 5 Bytes JMP 010B0040 .text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateFileW 778F0B7D 5 Bytes JMP 010B0000 .text C:\Windows\System32\svchost.exe[828] kernel32.dll!GetProcAddress 778F1857 5 Bytes JMP 010B0EF5 .text C:\Windows\System32\svchost.exe[828] kernel32.dll!LoadLibraryA 778F2884 5 Bytes JMP 010B0F9E .text C:\Windows\System32\svchost.exe[828] kernel32.dll!LoadLibraryW 778F28D2 5 Bytes JMP 010B002F .text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateFileA 778F291C 5 Bytes JMP 010B0FEF .text C:\Windows\System32\svchost.exe[828] kernel32.dll!GetStartupInfoW 778F7CD5 5 Bytes JMP 010B0F43 .text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateNamedPipeA 7792D5BF 5 Bytes JMP 010B0FCA .text C:\Windows\System32\svchost.exe[828] kernel32.dll!WinExec 7792E76D 5 Bytes JMP 010B0F32 .text C:\Windows\System32\svchost.exe[828] kernel32.dll!VirtualProtectEx 7792F729 5 Bytes JMP 010B0F79 .text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_open 773D7E48 5 Bytes JMP 010A0000 .text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_wsystem 7740B04F 5 Bytes JMP 010A0058 .text C:\Windows\System32\svchost.exe[828] msvcrt.dll!system 7740B16F 5 Bytes JMP 010A003D .text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_creat 
7740ED29 5 Bytes JMP 010A0011 .text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_wcreat 7741038E 5 Bytes JMP 010A002C .text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_wopen 77410570 5 Bytes JMP 010A0FD7 .text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyA 763DD2ED 5 Bytes JMP 01070000 .text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyA 763DD3C1 5 Bytes JMP 01070FCA .text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExA 763E1B71 5 Bytes JMP 0107005B .text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW 763E1CC0 5 Bytes JMP 01070FB9 .text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyW 763E3129 5 Bytes JMP 01070FE5 .text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExW 763EB946 5 Bytes JMP 01070FA8 .text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExA 763EBC0D 5 Bytes JMP 0107001B .text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExW 763EBEC4 5 Bytes JMP 01070036 .text C:\Windows\System32\svchost.exe[828] WS2_32.dll!socket 76493F00 5 Bytes JMP 01080FEF .text C:\Windows\System32\svchost.exe[864] kernel32.dll!GetStartupInfoA 778A1DF0 5 Bytes JMP 003300B6 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateProcessW 778A202D 5 Bytes JMP 003300F3 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateProcessA 778A2062 5 Bytes JMP 003300E2 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateNamedPipeW 778D1FD6 5 Bytes JMP 0033001B .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreatePipe 778D4A8B 5 Bytes JMP 00330091 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!VirtualProtect 778E50AB 5 Bytes JMP 0033006F .text C:\Windows\System32\svchost.exe[864] kernel32.dll!LoadLibraryExW 778EB6BF 5 Bytes JMP 00330F8D .text C:\Windows\System32\svchost.exe[864] kernel32.dll!LoadLibraryExA 778EBC8B 5 Bytes JMP 00330F9E .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateFileW 778F0B7D 5 Bytes JMP 
00330FE5 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!GetProcAddress 778F1857 5 Bytes JMP 00330F43 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!LoadLibraryA 778F2884 5 Bytes JMP 00330FAF .text C:\Windows\System32\svchost.exe[864] kernel32.dll!LoadLibraryW 778F28D2 5 Bytes JMP 00330036 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateFileA 778F291C 5 Bytes JMP 00330000 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!GetStartupInfoW 778F7CD5 5 Bytes JMP 003300C7 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateNamedPipeA 7792D5BF 5 Bytes JMP 00330FD4 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!WinExec 7792E76D 5 Bytes JMP 00330F5E .text C:\Windows\System32\svchost.exe[864] kernel32.dll!VirtualProtectEx 7792F729 5 Bytes JMP 00330080 .text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_open 773D7E48 5 Bytes JMP 00320FEF .text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_wsystem 7740B04F 5 Bytes JMP 00320F8D .text C:\Windows\System32\svchost.exe[864] msvcrt.dll!system 7740B16F 5 Bytes JMP 00320FB2 .text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_creat 7740ED29 5 Bytes JMP 00320FC3 .text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_wcreat 7741038E 5 Bytes JMP 00320022 .text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_wopen 77410570 5 Bytes JMP 00320FDE .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyA 763DD2ED 5 Bytes JMP 00210000 .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyA 763DD3C1 5 Bytes JMP 0021002C .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExA 763E1B71 5 Bytes JMP 00210F9B .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyW 763E1CC0 5 Bytes JMP 0021003D .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyW 763E3129 5 Bytes JMP 00210FE5 .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExW 763EB946 5 Bytes JMP 00210F8A .text C:\Windows\System32\svchost.exe[864] 
ADVAPI32.dll!RegOpenKeyExA 763EBC0D 5 Bytes JMP 0021001B .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExW 763EBEC4 5 Bytes JMP 00210FC0 .text C:\Windows\System32\svchost.exe[864] WS2_32.dll!socket 76493F00 5 Bytes JMP 00430FEF .text C:\Windows\system32\svchost.exe[892] kernel32.dll!GetStartupInfoA 778A1DF0 5 Bytes JMP 00E90F65 .text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateProcessW 778A202D 5 Bytes JMP 00E900C4 .text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateProcessA 778A2062 5 Bytes JMP 00E900B3 .text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateNamedPipeW 778D1FD6 5 Bytes JMP 00E90025 .text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreatePipe 778D4A8B 5 Bytes JMP 00E9008E .text C:\Windows\system32\svchost.exe[892] kernel32.dll!VirtualProtect 778E50AB 5 Bytes JMP 00E9007D .text C:\Windows\system32\svchost.exe[892] kernel32.dll!LoadLibraryExW 778EB6BF 5 Bytes JMP 00E90FA5 .text C:\Windows\system32\svchost.exe[892] kernel32.dll!LoadLibraryExA 778EBC8B 5 Bytes JMP 00E90062 .text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateFileW 778F0B7D 5 Bytes JMP 00E9000A .text C:\Windows\system32\svchost.exe[892] kernel32.dll!GetProcAddress 778F1857 5 Bytes JMP 00E900E9 .text C:\Windows\system32\svchost.exe[892] kernel32.dll!LoadLibraryA 778F2884 5 Bytes JMP 00E90040 .text C:\Windows\system32\svchost.exe[892] kernel32.dll!LoadLibraryW 778F28D2 5 Bytes JMP 00E90051 .text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateFileA 778F291C 5 Bytes JMP 00E90FEF .text C:\Windows\system32\svchost.exe[892] kernel32.dll!GetStartupInfoW 778F7CD5 5 Bytes JMP 00E90F54 .text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateNamedPipeA 7792D5BF 5 Bytes JMP 00E90FD4 .text C:\Windows\system32\svchost.exe[892] kernel32.dll!WinExec 7792E76D 5 Bytes JMP 00E90F2F .text C:\Windows\system32\svchost.exe[892] kernel32.dll!VirtualProtectEx 7792F729 5 Bytes JMP 00E90F8A .text C:\Windows\system32\svchost.exe[892] 
msvcrt.dll!_open 773D7E48 5 Bytes JMP 00E80FEF .text C:\Windows\system32\svchost.exe[892] msvcrt.dll!_wsystem 7740B04F 1 Byte [E9] .text C:\Windows\system32\svchost.exe[892] msvcrt.dll!_wsystem 7740B04F 5 Bytes JMP 00E80053 .text C:\Windows\system32\svchost.exe[892] msvcrt.dll!system 7740B16F 5 Bytes JMP 00E80042 .text C:\Windows\system32\svchost.exe[892] msvcrt.dll!_creat 7740ED29 5 Bytes JMP 00E80FD2 .text C:\Windows\system32\svchost.exe[892] msvcrt.dll!_wcreat 7741038E 5 Bytes JMP 00E80031 .text C:\Windows\system32\svchost.exe[892] msvcrt.dll!_wopen 77410570 5 Bytes JMP 00E80000 .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyA 763DD2ED 5 Bytes JMP 00E10FE5 .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyA 763DD3C1 5 Bytes JMP 00E10FAF .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyExA 763E1B71 5 Bytes JMP 00E10F94 .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyW 763E1CC0 5 Bytes JMP 00E10036 .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyW 763E3129 5 Bytes JMP 00E1000A .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!RegCreateKeyExW 763EB946 5 Bytes JMP 00E10051 .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyExA 763EBC0D 5 Bytes JMP 00E1001B .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!RegOpenKeyExW 763EBEC4 5 Bytes JMP 00E10FCA .text C:\Windows\system32\svchost.exe[892] WS2_32.dll!socket 76493F00 5 Bytes JMP 00E20FEF .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoA 778A1DF0 5 Bytes JMP 003F0065 .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreateProcessW 778A202D 5 Bytes JMP 003F0EF2 .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreateProcessA 778A2062 5 Bytes JMP 003F0087 .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeW 778D1FD6 5 Bytes JMP 003F0FDB .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreatePipe 778D4A8B 5 Bytes JMP 003F0F32 .text 
C:\Windows\system32\svchost.exe[1028] kernel32.dll!VirtualProtect 778E50AB 5 Bytes JMP 003F0F68 .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExW 778EB6BF 5 Bytes JMP 003F0F79 .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExA 778EBC8B 5 Bytes JMP 003F0F94 .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreateFileW 778F0B7D 5 Bytes JMP 003F0011 .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!GetProcAddress 778F1857 5 Bytes JMP 003F0EE1 .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!LoadLibraryA 778F2884 5 Bytes JMP 003F0FB6 .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!LoadLibraryW 778F28D2 5 Bytes JMP 003F0FA5 .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreateFileA 778F291C 5 Bytes JMP 003F0000 .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoW 778F7CD5 5 Bytes JMP 003F0F17 .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeA 7792D5BF 5 Bytes JMP 003F002C .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!WinExec 7792E76D 5 Bytes JMP 003F0076 .text C:\Windows\system32\svchost.exe[1028] kernel32.dll!VirtualProtectEx 7792F729 5 Bytes JMP 003F0F4D .text C:\Windows\system32\svchost.exe[1028] msvcrt.dll!_open 773D7E48 5 Bytes JMP 003E000C .text C:\Windows\system32\svchost.exe[1028] msvcrt.dll!_wsystem 7740B04F 5 Bytes JMP 003E005A .text C:\Windows\system32\svchost.exe[1028] msvcrt.dll!system 7740B16F 5 Bytes JMP 003E0049 .text C:\Windows\system32\svchost.exe[1028] msvcrt.dll!_creat 7740ED29 5 Bytes JMP 003E002E .text C:\Windows\system32\svchost.exe[1028] msvcrt.dll!_wcreat 7741038E 5 Bytes JMP 003E0FE3 .text C:\Windows\system32\svchost.exe[1028] msvcrt.dll!_wopen 77410570 5 Bytes JMP 003E001D .text C:\Windows\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyA 763DD2ED 5 Bytes JMP 0034000A .text C:\Windows\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyA 763DD3C1 5 Bytes JMP 00340FC3 .text 
Device Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:3360] 989796E8
---- EOF - GMER 1.0.15 ----

One more question: after I had gone through all the steps, when starting the internet connection and after opening the browser I got a warning message from Windows asking whether I wanted to allow a service with an internet address ending in .ru. I declined.

And something else: a bit further up, under the item "re 4", I posted some output that contains internet addresses I have never visited, under: C:\Windows\system32\drivers\etc\hosts. How did they get there? Could that have something to do with it?