
Log analysis and evaluation: Win 8 various PUP detections (Babylon) Win32/installcore


 
17.09.2013, 21:12   #2
2ndSkin
 



Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-17 21:58:31
Windows 6.2.9200  \Device\Harddisk0\DR0 -> \Device\00000034 ST9250827AS rev.3.AAA 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Lib!\AppData\Local\Temp\kxtdapog.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwWriteVirtualMemory [0x8E19776E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwVdmControl [0x8C02E80E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwUnloadDriver [0x8E195C42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwTerminateThread [0x8C02FCF6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwTerminateProcess [0x8E1978EA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSystemDebugControl [0x8C02E556]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSuspendThread [0x8C0301C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSuspendProcess [0x8C030066]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwShutdownSystem [0x8C02E45C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSetSystemPowerState [0x8C02E4CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSetSystemInformation [0x8C02E2F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSetContextThread [0x8C02FD16]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSetBootOptions [0x8C02E7A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwSetBootEntryOrder [0x8C02E742]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwReplyWaitReceivePortEx [0x8C03122A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwReplyWaitReceivePort [0x8C0358B4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwQueueApcThreadEx [0x8C030506]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwQueryObject [0x8C0307F8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwProtectVirtualMemory [0x8E197822]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenTimer [0x8C03B0DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenThread [0x8C03326E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenSemaphore [0x8C03AEF6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenSection [0x8C03B036]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenProcess [0x8C032E78]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenMutant [0x8C03AEAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenIoCompletion [0x8C03B122]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenEventPair [0x8C03AF86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwOpenEvent [0x8C03AF42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwNotifyChangeMultipleKeys [0x8C03092C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwNotifyChangeKey [0x8C03398C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwModifyBootEntry [0x8C02E6DC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwLoadDriver [0x8E195C12]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwFreeVirtualMemory [0x8E1976C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwDuplicateObject [0x8C033596]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwDeleteBootEntry [0x8C02E676]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwDebugActiveProcess [0x8C02FE9C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateTimer [0x8C03B0B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateThreadEx [0x8C02F800]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateThread [0x8C02F5E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateSemaphore [0x8C03AECE]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwCreateSection [0x8E197992]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateMutant [0x8C03AE86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateIoCompletion [0x8C03B0FE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateEventPair [0x8C03AF64]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwCreateEvent [0x8C03AF18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwAssignProcessToJobObject [0x8C02F0E6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwAlpcSendWaitReceivePort [0x8C031256]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwAllocateVirtualMemory [0x8E1975FA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                 ZwAddBootEntry [0x8C02E610]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ZwCreateProcessEx [0x8E1B0E00]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                 ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwCallbackReturn + 118                                                                                                                   81AD7E24 4 Bytes  CALL E4800A2B 
.text           ntoskrnl.exe!ZwCallbackReturn + 16C                                                                                                                   81AD7E78 12 Bytes  [56, E5, 02, 8C, C8, 01, 03, ...]
.text           ntoskrnl.exe!ZwCallbackReturn + 604                                                                                                                   81AD8310 12 Bytes  [B8, B0, 03, 8C, 00, F8, 02, ...]
.text           ntoskrnl.exe!ZwReplacePartitionUnit + 26B1                                                                                                            81B4DAB5 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 66A                                                                                                                81B5239A 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[272] KERNEL32.DLL!GetBinaryTypeW + 6F                          76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 6F                                                                                   76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\wininit.exe[496] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                 76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[524] kernel32.dll!GetBinaryTypeW + 6F                                                                                   76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[564] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                76A1DDE0 1 Byte  [62]
.text           ...                                                                                                                                                   
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] C:\WINDOWS\SYSTEM32\ntdll.dll                                                 time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] ntdll.dll!NtProtectVirtualMemory                                              76F55940 5 Bytes  JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] C:\WINDOWS\system32\KERNEL32.DLL                                              time/date stamp mismatch; unknown module: 0.dllunknown module: cryptnet.dllunknown module: 0.dllunknown module: KERNELBASE.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] KERNEL32.DLL!GetBinaryTypeW + 6F                                              76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[944] user32.dll!UserClientDllInitialize + 311                                      74DBC3EC 4 Bytes  [F0, 28, 8F, 69]
.text           C:\WINDOWS\system32\dwm.exe[968] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                     76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[980] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                 76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1084] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Classic Shell\ClassicShellService.exe[1220] KERNEL32.DLL!GetBinaryTypeW + 6F                                                         76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1264] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                76A1DDE0 1 Byte  [62]
.text           ...                                                                                                                                                   
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] ntdll.dll!LdrUnloadDll          76F62029 5 Bytes  JMP 006103FC 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] ntdll.dll!LdrLoadDll            76F75D29 5 Bytes  JMP 006101F8 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!UnhookWindowsHookEx  74DBA37A 5 Bytes  JMP 006D0A08 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!SetWindowsHookExW    74DBF223 5 Bytes  JMP 006D0804 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!UnhookWinEvent       74DBFE7F 5 Bytes  JMP 006D03FC 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!SetWinEventHook      74DC938E 5 Bytes  JMP 006D01F8 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x86__8wekyb3d8bbwe\LiveComm.exe[1372] USER32.dll!SetWindowsHookExA    74DD6F76 5 Bytes  JMP 006D0600 
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1384] KERNEL32.DLL!GetBinaryTypeW + 6F                                                             76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\lxeecoms.exe[1524] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                               76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\System32\spoolsv.exe[1620] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                76A1DDE0 1 Byte  [62]
.text           C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1672] KERNEL32.DLL!GetBinaryTypeW + 6F                                                        76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Classic Shell\ClassicStartMenu.exe[1764] KERNEL32.DLL!GetBinaryTypeW + 6F                                                            76A1DDE0 1 Byte  [62]
.text           ...                                                                                                                                                   
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] ntdll.dll!LdrUnloadDll                                                              76F62029 5 Bytes  JMP 015803FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] ntdll.dll!LdrLoadDll                                                                76F75D29 5 Bytes  JMP 015801F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] KERNEL32.dll!GetBinaryTypeW + 6F                                                    76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!UnhookWindowsHookEx                                                      74DBA37A 5 Bytes  JMP 015D0A08 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!SetWindowsHookExW                                                        74DBF223 5 Bytes  JMP 015D0804 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!UnhookWinEvent                                                           74DBFE7F 5 Bytes  JMP 015D03FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!SetWinEventHook                                                          74DC938E 5 Bytes  JMP 015D01F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2444] USER32.dll!SetWindowsHookExA                                                        74DD6F76 5 Bytes  JMP 015D0600 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] ntdll.dll!LdrUnloadDll                                                            76F62029 5 Bytes  JMP 00D603FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] ntdll.dll!LdrLoadDll                                                              76F75D29 5 Bytes  JMP 00D601F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] KERNEL32.dll!GetBinaryTypeW + 6F                                                  76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!UnhookWindowsHookEx                                                    74DBA37A 5 Bytes  JMP 00DA0A08 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!SetWindowsHookExW                                                      74DBF223 5 Bytes  JMP 00DA0804 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!UnhookWinEvent                                                         74DBFE7F 5 Bytes  JMP 00DA03FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!SetWinEventHook                                                        74DC938E 5 Bytes  JMP 00DA01F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[2576] USER32.dll!SetWindowsHookExA                                                      74DD6F76 5 Bytes  JMP 00DA0600 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] ntdll.dll!LdrUnloadDll                                                                                    76F62029 5 Bytes  JMP 007F03FC 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] ntdll.dll!LdrLoadDll                                                                                      76F75D29 5 Bytes  JMP 007F01F8 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] KERNEL32.dll!GetBinaryTypeW + 6F                                                                          76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!UnhookWindowsHookEx                                                                            74DBA37A 5 Bytes  JMP 00820A08 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!SetWindowsHookExW                                                                              74DBF223 5 Bytes  JMP 00820804 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!UnhookWinEvent                                                                                 74DBFE7F 5 Bytes  JMP 008203FC 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!SetWinEventHook                                                                                74DC938E 5 Bytes  JMP 008201F8 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[2672] USER32.dll!SetWindowsHookExA                                                                              74DD6F76 5 Bytes  JMP 00820600 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] ntdll.dll!LdrUnloadDll                                                                76F62029 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] ntdll.dll!LdrLoadDll                                                                  76F75D29 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!UnhookWindowsHookEx                                                        74DBA37A 5 Bytes  JMP 00230A08 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!SetWindowsHookExW                                                          74DBF223 5 Bytes  JMP 00230804 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!UnhookWinEvent                                                             74DBFE7F 5 Bytes  JMP 002303FC 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!SetWinEventHook                                                            74DC938E 5 Bytes  JMP 002301F8 
.text           C:\Program Files\IObit\Start Menu 8\StartMenuServices.exe[2764] user32.dll!SetWindowsHookExA                                                          74DD6F76 5 Bytes  JMP 00230600 
.text           C:\WINDOWS\system32\svchost.exe[2828] ntdll.dll!LdrUnloadDll                                                                                          76F62029 5 Bytes  JMP 00AE03FC 
.text           C:\WINDOWS\system32\svchost.exe[2828] ntdll.dll!LdrLoadDll                                                                                            76F75D29 5 Bytes  JMP 00AE01F8 
.text           C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!UnhookWindowsHookEx                                                                                  74DBA37A 5 Bytes  JMP 00BE0A08 
.text           C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!SetWindowsHookExW                                                                                    74DBF223 5 Bytes  JMP 00BE0804 
.text           C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!UnhookWinEvent                                                                                       74DBFE7F 5 Bytes  JMP 00BE03FC 
.text           C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!SetWinEventHook                                                                                      74DC938E 5 Bytes  JMP 00BE01F8 
.text           C:\WINDOWS\system32\svchost.exe[2828] USER32.dll!SetWindowsHookExA                                                                                    74DD6F76 5 Bytes  JMP 00BE0600 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] ntdll.dll!LdrUnloadDll                                                                  76F62029 5 Bytes  JMP 00BC03FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] ntdll.dll!LdrLoadDll                                                                    76F75D29 5 Bytes  JMP 00BC01F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] KERNEL32.dll!GetBinaryTypeW + 6F                                                        76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!UnhookWindowsHookEx                                                          74DBA37A 5 Bytes  JMP 00C00A08 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!SetWindowsHookExW                                                            74DBF223 5 Bytes  JMP 00C00804 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!UnhookWinEvent                                                               74DBFE7F 5 Bytes  JMP 00C003FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!SetWinEventHook                                                              74DC938E 5 Bytes  JMP 00C001F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2864] USER32.dll!SetWindowsHookExA                                                            74DD6F76 5 Bytes  JMP 00C00600 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] ntdll.dll!LdrUnloadDll                                                                       76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] ntdll.dll!LdrLoadDll                                                                         76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!UnhookWindowsHookEx                                                               74DBA37A 5 Bytes  JMP 00240A08 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!SetWindowsHookExW                                                                 74DBF223 5 Bytes  JMP 00240804 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!UnhookWinEvent                                                                    74DBFE7F 5 Bytes  JMP 002403FC 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!SetWinEventHook                                                                   74DC938E 5 Bytes  JMP 002401F8 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu8.exe[2972] user32.dll!SetWindowsHookExA                                                                 74DD6F76 5 Bytes  JMP 00240600 
.text           C:\WINDOWS\system32\svchost.exe[3340] ntdll.dll!LdrUnloadDll                                                                                          76F62029 5 Bytes  JMP 011003FC 
.text           C:\WINDOWS\system32\svchost.exe[3340] ntdll.dll!LdrLoadDll                                                                                            76F75D29 5 Bytes  JMP 011001F8 
.text           C:\WINDOWS\system32\svchost.exe[3340] KERNEL32.dll!GetBinaryTypeW + 6F                                                                                76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[3412] ntdll.dll!LdrUnloadDll                                                                                          76F62029 5 Bytes  JMP 00B103FC 
.text           C:\WINDOWS\system32\svchost.exe[3412] ntdll.dll!LdrLoadDll                                                                                            76F75D29 5 Bytes  JMP 00B101F8 
.text           C:\WINDOWS\system32\svchost.exe[3412] KERNEL32.dll!GetBinaryTypeW + 6F                                                                                76A1DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[3412] user32.dll!UnhookWindowsHookEx                                                                                  74DBA37A 5 Bytes  JMP 00B30A08 
.text           C:\WINDOWS\system32\svchost.exe[3412] user32.dll!SetWindowsHookExW                                                                                    74DBF223 5 Bytes  JMP 00B30804 
.text           C:\WINDOWS\system32\svchost.exe[3412] user32.dll!UnhookWinEvent                                                                                       74DBFE7F 5 Bytes  JMP 00B303FC 
.text           C:\WINDOWS\system32\svchost.exe[3412] user32.dll!SetWinEventHook                                                                                      74DC938E 5 Bytes  JMP 00B301F8 
.text           C:\WINDOWS\system32\svchost.exe[3412] user32.dll!SetWindowsHookExA                                                                                    74DD6F76 5 Bytes  JMP 00B30600 
.text           C:\Windows\System32\WUDFHost.exe[3492] ntdll.dll!LdrUnloadDll                                                                                         76F62029 5 Bytes  JMP 001503FC 
.text           C:\Windows\System32\WUDFHost.exe[3492] ntdll.dll!LdrLoadDll                                                                                           76F75D29 5 Bytes  JMP 001501F8 
.text           C:\Windows\System32\WUDFHost.exe[3492] KERNEL32.dll!GetBinaryTypeW + 6F                                                                               76A1DDE0 1 Byte  [62]
.text           C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!UnhookWindowsHookEx                                                                                 74DBA37A 5 Bytes  JMP 00190A08 
.text           C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!SetWindowsHookExW                                                                                   74DBF223 5 Bytes  JMP 00190804 
.text           C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!UnhookWinEvent                                                                                      74DBFE7F 5 Bytes  JMP 001903FC 
.text           C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!SetWinEventHook                                                                                     74DC938E 5 Bytes  JMP 001901F8 
.text           C:\Windows\System32\WUDFHost.exe[3492] USER32.dll!SetWindowsHookExA                                                                                   74DD6F76 5 Bytes  JMP 00190600 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] ntdll.dll!LdrUnloadDll                                                                   76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] ntdll.dll!LdrLoadDll                                                                     76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] KERNEL32.dll!GetBinaryTypeW + 6F                                                         76A1DDE0 1 Byte  [62]
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!UnhookWindowsHookEx                                                           74DBA37A 5 Bytes  JMP 00240A08 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!SetWindowsHookExW                                                             74DBF223 5 Bytes  JMP 00240804 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!UnhookWinEvent                                                                74DBFE7F 5 Bytes  JMP 002403FC 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!SetWinEventHook                                                               74DC938E 5 Bytes  JMP 002401F8 
.text           C:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe[3512] user32.dll!SetWindowsHookExA                                                             74DD6F76 5 Bytes  JMP 00240600 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] ntdll.dll!LdrUnloadDll                                                                                    76F62029 5 Bytes  JMP 004703FC 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] ntdll.dll!LdrLoadDll                                                                                      76F75D29 5 Bytes  JMP 004701F8 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!UnhookWindowsHookEx                                                                            74DBA37A 5 Bytes  JMP 004A0A08 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!SetWindowsHookExW                                                                              74DBF223 5 Bytes  JMP 004A0804 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!UnhookWinEvent                                                                                 74DBFE7F 5 Bytes  JMP 004A03FC 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!SetWinEventHook                                                                                74DC938E 5 Bytes  JMP 004A01F8 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3608] USER32.dll!SetWindowsHookExA                                                                              74DD6F76 5 Bytes  JMP 004A0600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] ntdll.dll!LdrUnloadDll                                                                             76F62029 5 Bytes  JMP 00C003FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] ntdll.dll!LdrLoadDll                                                                               76F75D29 5 Bytes  JMP 5BF6F140 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] KERNEL32.dll!InterlockedExchange + 11                                                              76A0153B 7 Bytes  JMP 5C58FDF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] KERNEL32.dll!GetStdHandle + C                                                                      76A01B37 7 Bytes  JMP 5C58FDD2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] KERNEL32.dll!CreateProcessW + 69                                                                   76A04798 7 Bytes  JMP 5BF72942 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] KERNEL32.dll!GetBinaryTypeW + 6F                                                                   76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!UnhookWindowsHookEx                                                                     74DBA37A 5 Bytes  JMP 00C10A08 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!SetWindowsHookExW                                                                       74DBF223 5 Bytes  JMP 00C10804 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!UnhookWinEvent                                                                          74DBFE7F 5 Bytes  JMP 00C103FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!SetWinEventHook                                                                         74DC938E 5 Bytes  JMP 00C101F8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] USER32.dll!SetWindowsHookExA                                                                       74DD6F76 5 Bytes  JMP 00C10600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3860] GDI32.dll!SetWindowOrgEx + 3C7                                                                     74A68C9D 7 Bytes  JMP 5C58FD53 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] ntdll.dll!LdrUnloadDll                                                                76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] ntdll.dll!LdrLoadDll                                                                  76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] KERNEL32.dll!GetBinaryTypeW + 6F                                                      76A1DDE0 1 Byte  [62]
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!UnhookWindowsHookEx                                                        74DBA37A 5 Bytes  JMP 00330A08 
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!SetWindowsHookExW                                                          74DBF223 5 Bytes  JMP 00330804 
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!UnhookWinEvent                                                             74DBFE7F 5 Bytes  JMP 003303FC 
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!SetWinEventHook                                                            74DC938E 5 Bytes  JMP 003301F8 
.text           C:\Program Files\IObit\Start Menu 8\InstallServices32.exe[3988] user32.dll!SetWindowsHookExA                                                          74DD6F76 5 Bytes  JMP 00330600 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] ntdll.dll!LdrUnloadDll                                                                       76F62029 5 Bytes  JMP 006B03FC 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] ntdll.dll!LdrLoadDll                                                                         76F75D29 5 Bytes  JMP 006B01F8 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!UnhookWindowsHookEx                                                               74DBA37A 5 Bytes  JMP 006F0A08 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!SetWindowsHookExW                                                                 74DBF223 5 Bytes  JMP 006F0804 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!UnhookWinEvent                                                                    74DBFE7F 5 Bytes  JMP 006F03FC 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!SetWinEventHook                                                                   74DC938E 5 Bytes  JMP 006F01F8 
.text           C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4240] USER32.dll!SetWindowsHookExA                                                                 74DD6F76 5 Bytes  JMP 006F0600 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] ntdll.dll!LdrUnloadDll                                                                                     76F62029 5 Bytes  JMP 003003FC 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] ntdll.dll!LdrLoadDll                                                                                       76F75D29 5 Bytes  JMP 003001F8 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!UnhookWindowsHookEx                                                                             74DBA37A 5 Bytes  JMP 00320A08 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!SetWindowsHookExW                                                                               74DBF223 5 Bytes  JMP 00320804 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!UnhookWinEvent                                                                                  74DBFE7F 5 Bytes  JMP 003203FC 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!SetWinEventHook                                                                                 74DC938E 5 Bytes  JMP 003201F8 
.text           C:\Program Files\Apoint2K\Apoint.exe[4252] USER32.dll!SetWindowsHookExA                                                                               74DD6F76 5 Bytes  JMP 00320600 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] ntdll.dll!LdrUnloadDll                                                                       76F62029 5 Bytes  JMP 002103FC 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] ntdll.dll!LdrLoadDll                                                                         76F75D29 5 Bytes  JMP 002101F8 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] KERNEL32.dll!GetBinaryTypeW + 6F                                                             76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!UnhookWindowsHookEx                                                               74DBA37A 5 Bytes  JMP 00230A08 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!SetWindowsHookExW                                                                 74DBF223 5 Bytes  JMP 00230804 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!UnhookWinEvent                                                                    74DBFE7F 5 Bytes  JMP 002303FC 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!SetWinEventHook                                                                   74DC938E 5 Bytes  JMP 002301F8 
.text           C:\Program Files\Lexmark Pro700 Series\lxeemon.exe[4264] USER32.dll!SetWindowsHookExA                                                                 74DD6F76 5 Bytes  JMP 00230600 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] ntdll.dll!LdrUnloadDll                                                                       76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] ntdll.dll!LdrLoadDll                                                                         76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] KERNEL32.dll!GetBinaryTypeW + 6F                                                             76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!UnhookWindowsHookEx                                                               74DBA37A 5 Bytes  JMP 004A0A08 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!SetWindowsHookExW                                                                 74DBF223 5 Bytes  JMP 004A0804 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!UnhookWinEvent                                                                    74DBFE7F 5 Bytes  JMP 004A03FC 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!SetWinEventHook                                                                   74DC938E 5 Bytes  JMP 004A01F8 
.text           C:\Program Files\Lexmark Pro700 Series\ezprint.exe[4276] USER32.dll!SetWindowsHookExA                                                                 74DD6F76 5 Bytes  JMP 004A0600 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] ntdll.dll!LdrUnloadDll                                                                                           76F62029 5 Bytes  JMP 00A803FC 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] ntdll.dll!LdrLoadDll                                                                                             76F75D29 5 Bytes  JMP 00A801F8 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!UnhookWindowsHookEx                                                                                   74DBA37A 5 Bytes  JMP 00AA0A08 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!SetWindowsHookExW                                                                                     74DBF223 5 Bytes  JMP 00AA0804 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!UnhookWinEvent                                                                                        74DBFE7F 5 Bytes  JMP 00AA03FC 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!SetWinEventHook                                                                                       74DC938E 5 Bytes  JMP 00AA01F8 
.text           C:\WINDOWS\system32\ctfmon.exe[4312] USER32.dll!SetWindowsHookExA                                                                                     74DD6F76 5 Bytes  JMP 00AA0600 
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[4320] KERNEL32.DLL!GetBinaryTypeW + 6F                                                              76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] ntdll.dll!LdrUnloadDll                                                                76F62029 5 Bytes  JMP 00B303FC 
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] ntdll.dll!LdrLoadDll                                                                  76F75D29 5 Bytes  JMP 00B301F8 
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] KERNEL32.dll!GetBinaryTypeW + 6F                                                      76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!UnhookWindowsHookEx                                                        74DBA37A 5 Bytes  JMP 00B60A08 
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!SetWindowsHookExW                                                          74DBF223 5 Bytes  JMP 00B60804 
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!UnhookWinEvent                                                             74DBFE7F 5 Bytes  JMP 00B603FC 
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!SetWinEventHook                                                            74DC938E 5 Bytes  JMP 00B601F8 
.text           C:\Program Files\Boxcryptor Classic\BoxcryptorClassic.exe[4424] USER32.dll!SetWindowsHookExA                                                          74DD6F76 5 Bytes  JMP 00B60600 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] ntdll.dll!LdrUnloadDll                                                                     76F62029 5 Bytes  JMP 005603FC 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] ntdll.dll!LdrLoadDll                                                                       76F75D29 5 Bytes  JMP 005601F8 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] KERNEL32.dll!GetBinaryTypeW + 6F                                                           76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!UnhookWindowsHookEx                                                             74DBA37A 5 Bytes  JMP 005A0A08 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!SetWindowsHookExW                                                               74DBF223 5 Bytes  JMP 005A0804 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!UnhookWinEvent                                                                  74DBFE7F 5 Bytes  JMP 005A03FC 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!SetWinEventHook                                                                 74DC938E 5 Bytes  JMP 005A01F8 
.text           C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[4600] USER32.dll!SetWindowsHookExA                                                               74DD6F76 5 Bytes  JMP 005A0600 
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] C:\WINDOWS\SYSTEM32\ntdll.dll                                                time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] ntdll.dll!NtProtectVirtualMemory                                             76F55940 5 Bytes  JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] ntdll.dll!LdrUnloadDll                                                       76F62029 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] ntdll.dll!LdrLoadDll                                                         76F75D29 5 Bytes  JMP 001801F8 
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] C:\WINDOWS\system32\KERNEL32.dll                                             time/date stamp mismatch; unknown module: 0.dllunknown module: cryptnet.dllunknown module: 0.dllunknown module: KERNELBASE.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!UnhookWindowsHookEx                                               74DBA37A 5 Bytes  JMP 001E0A08 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!UserClientDllInitialize + 311                                     74DBC3EC 4 Bytes  [F0, 28, 8F, 69]
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!SetWindowsHookExW                                                 74DBF223 5 Bytes  JMP 001E0804 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!UnhookWinEvent                                                    74DBFE7F 5 Bytes  JMP 001E03FC 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!SetWinEventHook                                                   74DC938E 5 Bytes  JMP 001E01F8 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4608] user32.dll!SetWindowsHookExA                                                 74DD6F76 5 Bytes  JMP 001E0600 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] ntdll.dll!LdrUnloadDll                                                                                   76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] ntdll.dll!LdrLoadDll                                                                                     76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] KERNEL32.dll!GetBinaryTypeW + 6F                                                                         76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!UnhookWindowsHookEx                                                                           74DBA37A 5 Bytes  JMP 00220A08 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!SetWindowsHookExW                                                                             74DBF223 5 Bytes  JMP 00220804 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!UnhookWinEvent                                                                                74DBFE7F 5 Bytes  JMP 002203FC 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!SetWinEventHook                                                                               74DC938E 5 Bytes  JMP 002201F8 
.text           C:\Program Files\Apoint2K\ApMsgFwd.exe[4640] USER32.dll!SetWindowsHookExA                                                                             74DD6F76 5 Bytes  JMP 00220600 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] ntdll.dll!LdrUnloadDll                                                                                76F62029 5 Bytes  JMP 00CA03FC 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] ntdll.dll!LdrLoadDll                                                                                  76F75D29 5 Bytes  JMP 00CA01F8 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!UnhookWindowsHookEx                                                                        74DBA37A 5 Bytes  JMP 00CC0A08 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!SetWindowsHookExW                                                                          74DBF223 5 Bytes  JMP 00CC0804 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!UnhookWinEvent                                                                             74DBFE7F 5 Bytes  JMP 00CC03FC 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!SetWinEventHook                                                                            74DC938E 5 Bytes  JMP 00CC01F8 
.text           C:\Program Files\Secunia\PSI\psi_tray.exe[4688] USER32.dll!SetWindowsHookExA                                                                          74DD6F76 5 Bytes  JMP 00CC0600 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] ntdll.dll!LdrUnloadDll                                                                                     76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] ntdll.dll!LdrLoadDll                                                                                       76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!UnhookWindowsHookEx                                                                             74DBA37A 5 Bytes  JMP 00220A08 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!SetWindowsHookExW                                                                               74DBF223 5 Bytes  JMP 00220804 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!UnhookWinEvent                                                                                  74DBFE7F 5 Bytes  JMP 002203FC 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!SetWinEventHook                                                                                 74DC938E 5 Bytes  JMP 002201F8 
.text           C:\Program Files\Apoint2K\Apntex.exe[4740] USER32.dll!SetWindowsHookExA                                                                               74DD6F76 5 Bytes  JMP 00220600 
.text           C:\WINDOWS\system32\conhost.exe[4768] ntdll.dll!LdrUnloadDll                                                                                          76F62029 5 Bytes  JMP 00D703FC 
.text           C:\WINDOWS\system32\conhost.exe[4768] ntdll.dll!LdrLoadDll                                                                                            76F75D29 5 Bytes  JMP 00D701F8 
.text           C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!UnhookWindowsHookEx                                                                                  74DBA37A 5 Bytes  JMP 00D90A08 
.text           C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!SetWindowsHookExW                                                                                    74DBF223 5 Bytes  JMP 00D90804 
.text           C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!UnhookWinEvent                                                                                       74DBFE7F 5 Bytes  JMP 00D903FC 
.text           C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!SetWinEventHook                                                                                      74DC938E 5 Bytes  JMP 00D901F8 
.text           C:\WINDOWS\system32\conhost.exe[4768] USER32.dll!SetWindowsHookExA                                                                                    74DD6F76 5 Bytes  JMP 00D90600 
.text           C:\Users\Lib!\Desktop\gmer_2.1.19163.exe[4816] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                       76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] ntdll.dll!LdrUnloadDll                                                                                    76F62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] ntdll.dll!LdrLoadDll                                                                                      76F75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] KERNEL32.dll!GetBinaryTypeW + 6F                                                                          76A1DDE0 1 Byte  [62]
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!UnhookWindowsHookEx                                                                            74DBA37A 5 Bytes  JMP 00220A08 
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!SetWindowsHookExW                                                                              74DBF223 5 Bytes  JMP 00220804 
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!UnhookWinEvent                                                                                 74DBFE7F 5 Bytes  JMP 002203FC 
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!SetWinEventHook                                                                                74DC938E 5 Bytes  JMP 002201F8 
.text           C:\Program Files\Apoint2K\HidFind.exe[4884] USER32.dll!SetWindowsHookExA                                                                              74DD6F76 5 Bytes  JMP 00220600 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] ntdll.dll!LdrUnloadDll                                                                     76F62029 5 Bytes  JMP 002103FC 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] ntdll.dll!LdrLoadDll                                                                       76F75D29 5 Bytes  JMP 002101F8 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] KERNEL32.dll!GetBinaryTypeW + 6F                                                           76A1DDE0 1 Byte  [62]
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!UnhookWindowsHookEx                                                             74DBA37A 5 Bytes  JMP 00390A08 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!SetWindowsHookExW                                                               74DBF223 5 Bytes  JMP 00390804 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!UnhookWinEvent                                                                  74DBFE7F 5 Bytes  JMP 003903FC 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!SetWinEventHook                                                                 74DC938E 5 Bytes  JMP 003901F8 
.text           C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[5036] user32.dll!SetWindowsHookExA                                                               74DD6F76 5 Bytes  JMP 00390600 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] ntdll.dll!LdrUnloadDll                                                                                    76F62029 5 Bytes  JMP 009903FC 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] ntdll.dll!LdrLoadDll                                                                                      76F75D29 5 Bytes  JMP 009901F8 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] KERNEL32.dll!GetBinaryTypeW + 6F                                                                          76A1DDE0 1 Byte  [62]
.text           C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!UnhookWindowsHookEx                                                                            74DBA37A 5 Bytes  JMP 009C0A08 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!SetWindowsHookExW                                                                              74DBF223 5 Bytes  JMP 009C0804 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!UnhookWinEvent                                                                                 74DBFE7F 5 Bytes  JMP 009C03FC 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!SetWinEventHook                                                                                74DC938E 5 Bytes  JMP 009C01F8 
.text           C:\Windows\System32\RuntimeBroker.exe[5104] USER32.dll!SetWindowsHookExA                                                                              74DD6F76 5 Bytes  JMP 009C0600 
.text           C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe[5288] KERNEL32.DLL!GetBinaryTypeW + 6F                                                 76A1DDE0 1 Byte  [62]

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                              cbfs4.sys (Callback File System Driver/EldoS Corporation)

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                     -1136276321

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                 unknown MBR code

---- EOF - GMER 2.1 ----
         
Code:
ATTFilter
C:\Users\Lib!\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7IMQ7W51\pack[1].7z	Variante von Win32/bProtector.A Anwendung
C:\Users\Lib!\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QRBR2828\wajam_install[1].exe	Win32/Wajam.A Anwendung
C:\Users\Lib!\AppData\Local\Temp\WEM5e3Is.exe.part	Variante von Win32/InstallCore.CN Anwendung
C:\Users\Lib!\AppData\Local\Temp\16561674.Uninstall\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\16588241.Uninstall\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\16631079.Uninstall\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\3132765.Uninstall\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\5112230.Uninstall\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\BabMaint.exe	Win32/Toolbar.Babylon.I Anwendung
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\ccp.exe	Win32/Toolbar.Babylon.M Anwendung
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\IEHelper.dll	Win32/Toolbar.Babylon.E Anwendung
C:\Users\Lib!\AppData\Local\Temp\is357113909\1823777_stp\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe	Variante von Win32/InstallCore.AZ Anwendung
C:\Users\Lib!\Downloads\icq8_setup_8.0b6019 - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.A Anwendung
D:\Down\CrystalDiskInfo5_0_2-en.exe	Win32/OpenCandy Anwendung
D:\Down\SoftonicDownloader_fuer_unlocker.exe	Win32/SoftonicDownloader.E Anwendung
D:\Down\winamp561_full_emusic-7plus_all.exe	Win32/OpenCandy Anwendung
D:\Down\winamp5623_full_emusic-7plus_de-de.exe	Win32/OpenCandy Anwendung
D:\Down\winamp563_full_emusic-7plus_de-de.exe	Win32/OpenCandy Anwendung
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.17.07

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16688
Lib! :: LIB-PC [Administrator]

17.09.2013 15:57:48
mbam-log-2013-09-17 (15-57-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217202
Laufzeit: 9 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\Lib!\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Roaming\BABSOLUTION (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Roaming\BABSOLUTION\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 19
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Lib!\AppData\Local\Temp\ZKRge08m.exe.part (PUP.Optional.Bandoo) -> Keine Aktion durchgeführt.
C:\Users\Lib!\AppData\Local\Temp\WEM5e3Is.exe.part (PUP.Optional.Installcore) -> Keine Aktion durchgeführt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\EFBC509D-BAB0-7891-9EB2-06E06E3E2329\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\is357113909\1823681_stp.EXE (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\is357113909\1823334_stp\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\is357113909\1823419_stp\wajam_download.exe (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Temp\is357113909\1823565_stp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\Optimizer_Pro.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\Downloads\ZipOpenerSetup.exe (PUP.Optional.Installcore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Local\Google\Chrome\User Data\Default\Local Storage\CHROME-EXTENSION_EOONCJEJNPPFJJKLAPAAMHCDMJBILMDE_0.LOCALSTORAGE (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib!\AppData\Roaming\BABSOLUTION\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         