Log analysis and evaluation: Trojan after visiting a suspicious website (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: see "First steps to get help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

09.05.2011, 14:51 | #1
Trojan after visiting a suspicious website

Dear experts, would you be so kind as to take a look at a GMER log? I recently clicked on a link that may have been malicious. That would be a great help. Many thanks and regards, zn

GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2011-05-09 14:38:40
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA73F0A3B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA73F0A65]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA73F0A8F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA73F0A4F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA73F0A27]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA73F0AA5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA73F0A79]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP A73F0A7D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 805790A8 5 Bytes JMP A73F0A3F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP A73F0A93 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP A73F0AA9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B841E 7 Bytes JMP A73F0A53 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D1230 5 Bytes JMP A73F0A69 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP A73F0A2B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E00000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E00049
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E00F54
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E00F65
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E00022
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E00FA5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E00F2F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E00081
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E000C8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E000A3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E00F14
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E00F8A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E00011
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E0005A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E00FC0
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E00FDB
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E00092
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00DF002C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00DF007D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00DF0011
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00DF0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00DF006C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00DF0FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00DF0FC0
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [FF, 88]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00DF003D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DE0F90
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DE001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DE0FBC
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DE0FE3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DE0FAB
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DE0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[336] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0FE5
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0F72
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA0F8D
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA0067
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA0F9E
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0036
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA0F33
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0F50
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA00C2
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA00B1
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CA0F18
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CA0FAF
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CA0F61
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CA0FCA
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CA001B
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CA0096
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00070011
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00070FDB
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00070F8A
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [27, 88]
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00070FA5
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060F90
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!system 77C293C7 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060FAB
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060FE3
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[760] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060FC6
.text C:\WINDOWS\system32\services.exe[760] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E4007D
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E4006C
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E4005B
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E4004A
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E40039
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E40F6B
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E400B3
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E40F3F
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E400CE
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E400F3
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E40FA8
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E40FDE
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E40098
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E40014
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E40FCD
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E40F5A
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E30FD4
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E3006F
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E30FE5
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E3001B
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E30FA8
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E3004A
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E30FC3
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E20038
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E20FAD
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E20FD2
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E20FE3
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E2001D
.text C:\WINDOWS\system32\lsass.exe[772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E2000C
.text C:\WINDOWS\system32\lsass.exe[772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B40091
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B40076
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B40065
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B4004A
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B40039
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B40F5A
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B400AC
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B400F3
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B400CE
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B40104
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B40FB2
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B40014
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B40F81
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B40FC3
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B40FDE
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B400BD
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B30FC3
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B30065
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B30FDE
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B30014
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B3004A
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00B30039
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B30FB2
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B20FB9
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B20044
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B20FDE
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B20033
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CC0F8D
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CC0FA8
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC0FB9
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CC006C
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CC0040
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CC0F70
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CC00B8
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC00F8
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC0F55
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CC0109
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CC0051
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CC00A7
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CC0FCA
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CC001B
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CC00D3
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CB0FB9
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CB0040
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CB0FD4
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CB002F
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CB0F8D
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [EB, 88] {JMP 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CB0F9E
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CA0042
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CA0FB7
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CA001D
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CA0FC8
.text C:\WINDOWS\system32\svchost.exe[1020] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CA0FE3
.text C:\WINDOWS\system32\svchost.exe[1020] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025E0FE5
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025E0073
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025E0062
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025E0F88
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025E0051
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025E0036
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025E00B5
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025E008E
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025E00F2
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025E00D7
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 025E0103
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 025E0FB9
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 025E0FCA
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 025E0F63
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 025E0025
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 025E0000
.text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 025E00C6
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 025D0025
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 025D006C
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 025D0FD4
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 025D0FE5
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 025D0051
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 025D0000
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 025D0FAF
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [7D, 8A] {JGE 0xffffffffffffff8c}
.text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 025D0036
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01B90FAB
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!system 77C293C7 5 Bytes JMP 01B90036
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01B90FCD
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01B90000
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01B90FBC
.text C:\WINDOWS\System32\svchost.exe[1116] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01B90011
.text C:\WINDOWS\System32\svchost.exe[1116] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01B80FEF
.text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01B70FE5
.text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01B70000
.text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01B70FD4
.text C:\WINDOWS\System32\svchost.exe[1116] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01B7001B
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00860000
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0086009D
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00860FA8
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00860076
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00860065
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00860FC3
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00860F7C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00860F8D
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00860F61
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00860104
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00860F50
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0086004A
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00860FE5
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 008600B8
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00860FD4
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00860025
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 008600E9
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00850FBC
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0085004A
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00850FCD
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00850FDE
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00850039
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00850FEF
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00850FA1
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [A5, 88]
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00850028
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00840F90
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!system 77C293C7 5 Bytes JMP 00840011
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00840FC6
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00840000
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00840FAB
.text C:\WINDOWS\system32\svchost.exe[1240] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00840FE3
.text C:\WINDOWS\system32\svchost.exe[1240] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00830FEF
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD0093
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD0082
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0071
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD004A
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0FB2
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD0F72
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD0F83
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD00D5
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD0F3C
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CD0F21
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CD0039
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CD0FE5
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CD00AE
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CD0FC3
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CD0FD4
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CD0F4D
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CC0036
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CC0076
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CC0025
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CC0FE5
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CC0FB9
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CC0FCA
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [EC, 88]
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CC0051
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CB0038
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CB001D
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CB000C
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_open 77C2F566 3 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_open + 4 77C2F56A 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CB0FAD
.text C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CB0FD2
.text C:\WINDOWS\system32\svchost.exe[1280] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C90FD4
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C90FB9
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00C9000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03300000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03300036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03300F4B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03300025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03300F72
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03300F9E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03300F15
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03300F26
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03300093
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03300EF0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 033000A4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 03300F83
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03300FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 03300051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 03300FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 03300FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 03300078
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 032F0FDB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 032F007D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 032F002C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 032F001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 032F006C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 032F0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 032F0051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 032F0FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 032E0F9E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] msvcrt.dll!system 77C293C7 5 Bytes JMP 032E0FB9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 032E0029
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] msvcrt.dll!_open 77C2F566 5 Bytes JMP 032E000C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 032E0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 032E0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1812] WS2_32.dll!socket 71AB4211 5 Bytes JMP 032D0000
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F70
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F81
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0051
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F55
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0091
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F33
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00CC
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F18
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[3796]
kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0080 .text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FEF .text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0040 .text C:\WINDOWS\Explorer.EXE[3796] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F44 .text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290FD1 .text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0029007D .text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0029002C .text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290011 .text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290062 .text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290000 .text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00290FC0 .text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [49, 88] .text C:\WINDOWS\Explorer.EXE[3796] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0029003D .text C:\WINDOWS\Explorer.EXE[3796] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F97 .text C:\WINDOWS\Explorer.EXE[3796] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FA8 .text C:\WINDOWS\Explorer.EXE[3796] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FCD .text C:\WINDOWS\Explorer.EXE[3796] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF .text C:\WINDOWS\Explorer.EXE[3796] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0022 .text C:\WINDOWS\Explorer.EXE[3796] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FDE .text C:\WINDOWS\Explorer.EXE[3796] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C0000 .text C:\WINDOWS\Explorer.EXE[3796] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C0FEF .text C:\WINDOWS\Explorer.EXE[3796] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C0025 .text C:\WINDOWS\Explorer.EXE[3796] 
WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 002C0036 .text C:\WINDOWS\Explorer.EXE[3796] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02580FEF ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [10001AE0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall 
Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ 
C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll 
(NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10001AE0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10001AE0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ 
C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10001AE0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program 
Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10001B50] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10001AE0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [10001A80] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10001AE0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [10001A20] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) IAT 
C:\WINDOWS\Explorer.EXE[3796] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10001CF0] C:\Program Files\NetInst\NiApmgnt.dll (NetInstall Application Management Hook DLL/enteo Software GmbH) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) ---- EOF - GMER 1.0.15 ---- |
09.05.2011, 14:54 | #2 |
/// Malware-holic
hello,
1. do you still have the link? If so, send it to me as a private message.
2. does the PC show any symptoms? If so, which ones?
09.05.2011, 15:01 | #3 |
Thanks for the quick response, markusg.
1. I still have the link. Where do I find your private e-mail address?
2. No symptoms. But that doesn't have to mean anything....
Thanks. Regards, zn
09.05.2011, 15:03 | #4 |
/// Malware-holic
click on my name, i.e. on markusg, then on "send message", then "send private message"; enter a subject first and then the link
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails according to the instructions above to markusg.trojaner-board@web.de If you would like to support us
09.05.2011, 15:15 | #5 |
/// Malware-holic
ok, the site is offline. download Malwarebytes: Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer
install it, open it, "Update" tab, update the program. close all running programs and disconnect from the internet. "Scanner" tab, full scan, remove the findings, post the log.
09.05.2011, 16:55 | #6 |
Thanks. What does "remove the findings" mean? The scan has finished. I need nc.exe now and then; that one is fine. Is the rest fine too? Many thanks in advance. Regards, nz

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 6538
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
09.05.2011 17:53:37
mbam-log-2011-05-09 (17-53-26).txt
Scan type: Full scan (C:\|)
Objects scanned: 271970
Time elapsed: 32 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (PUM.Hijack.Run) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (PUM.Hijack.Drives) -> Bad: (4) Good: (0) -> No action taken.
Folders Infected: (No malicious items detected)
Files Infected:
c:\program files\Bat\nc.exe (Backdoor.NetCat) -> No action taken.
09.05.2011, 17:13 | #7 |
/// Malware-holic
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (PUM.Hijack.Run) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (PUM.Hijack.Drives) -> Bad: (4) Good: (0) -> No action taken.
select these via "show results" and remove them.
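To make the two PUM.Hijack lines from the Malwarebytes log (post #6) and the "remove them" advice (post #7) concrete, here is an added example, written for this thread and not code from the forum or from Malwarebytes: it parses those two log lines, decodes what NoRun=1 and NoDrives=4 actually do to the user's Explorer, and renders the reset to the "Good" value as a .reg file. It assumes the standard meaning of the Explorer policy values NoRun (disables Start > Run) and NoDrives (bitmask of hidden drive letters); the .reg output is an illustration of the same change MBAM applies when the items are removed, not Malwarebytes' own mechanism.

```python
"""Decode the PUM.Hijack registry findings from the Malwarebytes log in the thread.

Added example, not code from the thread or from Malwarebytes. The first two
log lines below are copied from post #6; the meaning of NoRun and NoDrives
follows the standard Explorer policy values (an assumption, not from the log).
"""
import re
from typing import Dict, List, NamedTuple

# Lines taken from the MBAM log in post #6. The third one is a "Files Infected"
# line that the registry parser must skip.
MBAM_LINES = [
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun "
    r"(PUM.Hijack.Run) -> Bad: (1) Good: (0) -> No action taken.",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives "
    r"(PUM.Hijack.Drives) -> Bad: (4) Good: (0) -> No action taken.",
    r"c:\program files\Bat\nc.exe (Backdoor.NetCat) -> No action taken.",
]

# "<hive>\<path>\<value> (<detection>) -> Bad: (<n>) Good: (<n>) -> <action>"
LINE_RE = re.compile(
    r"^(?P<key>HK[A-Z_]+(?:\\[^\\\s]+)*)\\(?P<value>[^\\\s]+) "
    r"\((?P<detection>[^)]+)\) -> Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\) -> (?P<action>.+)$"
)


class Finding(NamedTuple):
    key: str        # registry key that holds the value
    value: str      # value name, e.g. NoRun
    detection: str  # MBAM detection name, e.g. PUM.Hijack.Run
    bad: int        # value currently set on the machine
    good: int       # value MBAM would restore
    action: str     # what MBAM did ("No action taken." in the thread)


def parse_registry_data_items(lines: List[str]) -> List[Finding]:
    """Pick the 'Registry Data Items' lines out of an MBAM log; other lines are skipped."""
    found = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Finding(m["key"], m["value"], m["detection"],
                                 int(m["bad"]), int(m["good"]), m["action"]))
    return found


def hidden_drives(mask: int) -> List[str]:
    """NoDrives is a 26-bit mask: bit 0 hides A:, bit 1 hides B:, bit 2 hides C:, and so on."""
    return [chr(ord("A") + bit) for bit in range(26) if mask & (1 << bit)]


def explain(f: Finding) -> str:
    """One-line statement of what the modified policy value does on this machine."""
    if f.value == "NoRun":
        effect = "Start > Run is disabled" if f.bad else "Start > Run is allowed"
    elif f.value == "NoDrives":
        drives = hidden_drives(f.bad)
        effect = ("Explorer hides drive(s) " + ", ".join(drives)) if drives else "no drives hidden"
    else:
        effect = "policy value not decoded by this example"
    return f"{f.value}={f.bad} ({f.detection}): {effect}; MBAM would reset it to {f.good}"


def reset_values(findings: List[Finding]) -> Dict[str, int]:
    """Value name -> the value MBAM calls Good, for every finding that still differs."""
    return {f.value: f.good for f in findings if f.bad != f.good}


def reg_file(findings: List[Finding]) -> str:
    """Render the resets as a .reg file (same end state as letting MBAM remove the items)."""
    by_key: Dict[str, Dict[str, int]] = {}
    for f in findings:
        if f.bad != f.good:
            by_key.setdefault(f.key, {})[f.value] = f.good
    out = ["Windows Registry Editor Version 5.00"]
    for key, values in by_key.items():
        out.append("")
        out.append(f"[{key}]")
        for name, val in values.items():
            out.append(f'"{name}"=dword:{val:08x}')
    return "\n".join(out) + "\n"


FINDINGS = parse_registry_data_items(MBAM_LINES)

if __name__ == "__main__":
    for finding in FINDINGS:
        print(explain(finding))
    print(reg_file(FINDINGS))
```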
09.05.2011, 17:58 | #8 |
Done that and rebooted. That's it? Or should I check anything else? Was it something serious? Many thanks for the super-fast replies. Regards, zn
PS: you are too fast for a human, but too intelligent for a bot. Regards, zn
09.05.2011, 18:07 | #9 |
/// Malware-holic
nothing serious. download CCleaner slim: Piriform - Builds
if CCleaner is already installed, skip this. install, open, Tools, list of installed programs, save as txt. open it. behind every program you need, write "needed"; behind every one you don't need, "unnecessary"; behind the ones unknown to you, "unknown". post the list.
10.05.2011, 07:10 | #10 |
I think I need most of it. With the MS stuff I'm naturally not entirely sure...
needed 7-Zip 9.20
needed ActivePerl 5.12.3 Build 1204 ActiveState 5.12.1204
needed Adobe Flash Player 10 ActiveX Adobe Systems, Inc. 10.0.12.36
needed Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.2.152.32
needed Adobe Reader 9 Adobe Systems Incorporated 9.0.0
needed CCleaner Piriform 3.06
needed Citrix ICA Client englisch 9.150.39151
needed Citrix WEB Client
needed Compatibility Pack for the 2007 Office system Microsoft Corporation 12.0.6021.5000
needed doPDF Softland 7.1
needed doPDF 6.2.301
needed Dot Net Framework 3.5 SP1
needed eDocPrinter PDF Pro Ver 6.24 ITEKSOFT Corporation
needed IBM Lotus Quickr Connectors IBM 8.5.0.882
needed Intel(R) Graphics Media Accelerator Driver Intel Corporation 6.14.10.5179
needed J2SE Runtime Environment 5.0 Update 7 Sun Microsystems, Inc. 1.5.0.70
needed Java(TM) 6 Update 24 Sun Microsystems, Inc. 6.0.240
needed KeePass Password Safe 2.14 Dominik Reichl
needed Lotus Notes 8.5.2 IBM 8.52.10222
needed Malwarebytes' Anti-Malware Malwarebytes Corporation
needed McAfee VirusScan Enterprise McAfee, Inc. 8.6.0
needed MetaFrame Presentation Server Client Citrix Systems, Inc. 9.150.39151
needed Microsoft .NET Framework 1.1
needed Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
needed Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 2.2.30729
needed Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
needed Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 3.2.30729
needed Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation
needed Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
needed Microsoft Office 2003 French User Interface Pack Microsoft Corporation 11.0.7969.0
needed Microsoft Office 2003 French User Interface Pack 11.0 SP2
needed Microsoft Office 2003 German User Interface Pack Microsoft Corporation 11.0.7969.0
needed Microsoft Office 2003 German User Interface Pack 11.0 SP2
needed Microsoft Office 2003 Italian User Interface Pack Microsoft Corporation 11.0.5614.0
needed Microsoft Office 2003 Italian User Interface Pack 11.0 SP2
needed Microsoft Office Live Meeting 2007 Microsoft Corporation 8.0.6362.128
needed Microsoft Office Standard 2003 SP2
needed Microsoft Office Standard Edition 2003 Microsoft Corporation 11.0.7969.0
needed Microsoft Office Visio 2003 French User Interface Pack Microsoft Corporation 11.0.7969.0
needed Microsoft Office Visio 2003 German User Interface Pack Microsoft Corporation 11.0.7969.0
needed Microsoft Office Visio 2003 Italian User Interface Pack Microsoft Corporation 11.0.7969.0
needed Microsoft Office Visio Standard 2003 Microsoft Corporation 11.0.3216.5614
needed Microsoft Silverlight Microsoft Corporation 3.0.50106.0
needed Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.56336
needed MindManager X5 Mindjet LLC 5.2.344
needed Mozilla Firefox (3.6.17) Mozilla 3.6.17 (en-US)
needed PingPlotter Standard 3.30.4s Nessoft, LLC 3.30.4s
needed Project Reader K-SOL S.r.l. 3.06.0000
needed Quality Center Client Side HP 9.2.0.0
needed Realtek High Definition Audio Driver Realtek Semiconductor Corp.
needed Sybase Adaptive Server Enterprise Suite
needed Sybase Software Developer's Kit 12.5.1 ESD 8
needed TANDBERG ConferenceMe (TM) TANDBERG 1.0.1.2
needed Test_Lotus Notes 8.5.2 EN
needed VitalQIP
needed VLC media player 1.1.7 VideoLAN 1.1.7
needed Windows Internet Explorer 8 Microsoft Corporation 20090308.140743
needed WinMerge 2.4.10.0 Thingamahoochie Software 2.4.10.0
needed WinPcap 4.1.2 CACE Technologies 4.1.0.2001
needed WinSCP 4.3.2 Martin Prikryl 4.3.2
needed Wireshark 1.4.3 The Wireshark developer community, Wireshark Go deep. 1.4.3
10.05.2011, 09:21 | #11 |
/// Malware-holic
Adobe Reader 9
Adobe - Adobe Reader herunterladen - Alle Versionen
untick the McAfee Security Scan box. open Adobe Reader, Edit, Preferences, JavaScript, untick the box there; Internet, likewise untick all boxes. that way PDFs are no longer loaded automatically and no malicious code can be slipped onto your machine that way anymore. under General, tick "use only certified plug-ins". under Updater, set it to install. click apply / ok
uninstall: J2SE
Java(TM) 6 Update 24
Java SE Downloads
click "download JRE"
Mozilla Firefox
version 4 is already available; install the update via Help
clean up with CCleaner.
10.05.2011, 11:36 | #12 |
Thanks. I'm done with all that. Many thanks for the great help and the great response time. Regards, zn
10.05.2011, 11:47 | #13 |
/// Malware-holic
we can harden the PC further if you like
10.05.2011, 12:24 | #14 |
gladly, if it isn't too complicated... zn
10.05.2011, 12:28 | #15 |
/// Malware-holic
first, update McAfee and run a scan. I don't think it's complicated; you just have to get used to 2 or 3 new programs, but that doesn't take long and they will be useful.