Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich


Plagegeister aller Art und deren Bekämpfung: Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 14.11.2014, 20:11   #1
RedMax88
 
Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Standard

Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich


Wer kann helfen?
Seit gestern dem 13.11.14 (da wurde auch das Avast Virendatenbank Update veöffentlicht)
habe ich von Avast eine Meldung welche C:\Windows\SysWOW64\FirewallAPI.dll mit einem "Win32:Evo-gen[Susp]". Zuerst wurde der Prozess in Verbindung mit Steam gemeldet, nun kurz nach starten von Tuneup auch dieses, wobei ich bemerkt habe dass die Meldung von Avast immer bei starten von Steam und TuneUp erscheint.
Ort bleibt aber immer der selbe, nur der Prozess ändert sich. Wenn ich die gezielt die FirewallAPI Dateien (darunter auch .dll) überprüfen lasse, lässt sich nichts finden. Lasse gerade den Antivirus die Festplatte durchsuchen.
Wenn ich gezielt den Ordnen "SysWOW64" durchsuchen lasse wird kein Virus gefunden.

Ich hab auch die gemeldete "FirawallAPI.dll" mal mithilfe von virustotal überprüfen lassen. 13 rot / 43 grün
10 von den Programmen die es bösartig sehen sind:
Ad-Aware
BitDefender
Emsisoft
F-Secure
GData
McAfee
McAfee-GW-Edition
MicroWorld-eScan
Symantec
nProtect

Inzwischen habe ich auch schon Adwcleaner, CCleaner und RogueKiller zur säuberung verwendet, da ich mir gesagt wurde dass diese Programm sehr zu empfehlen sind.

Logs folgen separat

OTL.txt (mit 64bit Scan)

Code:
ATTFilter
OTL logfile created on: 14.11.2014 00:39:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RedMax\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
15,95 Gb Total Physical Memory | 11,50 Gb Available Physical Memory | 72,09% Memory free
31,89 Gb Paging File | 27,75 Gb Available in Paging File | 87,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 64,98 Gb Free Space | 33,28% Space Free | Partition Type: NTFS
Drive D: | 905,41 Gb Total Space | 396,29 Gb Free Space | 43,77% Space Free | Partition Type: NTFS
Drive E: | 736,20 Gb Total Space | 57,07 Gb Free Space | 7,75% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 442,05 Gb Free Space | 47,46% Space Free | Partition Type: NTFS
 
Computer Name: REDMAX | User Name: RedMax | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.11.14 00:26:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RedMax\Downloads\OTL.exe
PRC - [2014.11.12 18:42:06 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
PRC - [2014.11.12 02:04:36 | 001,519,808 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
PRC - [2014.11.12 02:04:34 | 000,833,728 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014.11.12 02:04:32 | 001,940,160 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\Steam\Steam.exe
PRC - [2014.11.10 23:18:33 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014.11.06 18:08:04 | 002,464,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014.11.06 18:07:54 | 001,795,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014.11.03 21:25:06 | 000,410,952 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014.09.16 13:07:00 | 000,525,448 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2014.09.16 13:06:56 | 003,696,248 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
PRC - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.07.31 22:43:08 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014.07.22 22:43:03 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014.07.02 22:58:08 | 000,664,344 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2014.05.18 22:00:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.03 14:49:32 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2012.09.12 23:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012.03.26 18:14:26 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.02.01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.01.23 17:19:32 | 001,858,048 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.11.12 18:42:05 | 016,840,880 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
MOD - [2014.11.12 02:04:54 | 002,227,904 | ---- | M] () -- E:\Program Files (x86)\Steam\video.dll
MOD - [2014.11.12 02:04:34 | 000,690,880 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014.11.11 19:48:12 | 001,171,456 | ---- | M] () -- E:\Program Files (x86)\Steam\libavcodec-56.dll
MOD - [2014.11.11 19:48:12 | 000,485,888 | ---- | M] () -- E:\Program Files (x86)\Steam\libswscale-3.dll
MOD - [2014.11.11 19:48:12 | 000,442,368 | ---- | M] () -- E:\Program Files (x86)\Steam\libavutil-54.dll
MOD - [2014.11.11 19:48:12 | 000,403,968 | ---- | M] () -- E:\Program Files (x86)\Steam\libavformat-56.dll
MOD - [2014.11.11 19:48:12 | 000,332,800 | ---- | M] () -- E:\Program Files (x86)\Steam\libavresample-2.dll
MOD - [2014.11.11 19:48:04 | 034,589,888 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014.11.11 19:48:02 | 000,837,824 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
MOD - [2014.11.11 19:47:56 | 000,774,656 | ---- | M] () -- E:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014.11.10 23:18:32 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014.07.22 22:43:03 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014.07.22 22:43:03 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014.01.14 21:30:03 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cbbd3d2335c2d89b7ee5d035651bd80\IAStorUtil.ni.dll
MOD - [2014.01.14 21:30:03 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d68502fe60d7ada68627a895282ef58d\IAStorCommon.ni.dll
MOD - [2012.12.10 02:38:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2012.12.10 02:37:48 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012.12.10 02:37:38 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012.12.10 02:37:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2012.12.10 02:37:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012.12.10 02:37:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012.12.10 02:37:28 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2012.12.10 02:37:22 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2012.09.12 23:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2012.09.12 23:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2012.09.12 23:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2012.09.12 23:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2012.09.12 23:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2009.06.10 13:41:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 13:41:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.11.06 18:07:54 | 001,148,744 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014.11.06 18:07:49 | 019,819,848 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014.07.22 22:43:03 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012.12.11 13:07:04 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2012.07.27 02:30:58 | 000,170,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2012.01.23 15:30:22 | 000,233,328 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.11.12 18:42:06 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.11.12 02:04:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014.11.10 23:18:32 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.11.09 18:53:57 | 001,900,400 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- E:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2014.11.06 18:07:54 | 001,795,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.11.03 21:25:06 | 000,410,952 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.08.27 10:25:42 | 000,441,176 | ---- | M] (Garmin Ltd or its subsidiaries) [On_Demand | Stopped] -- D:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014.07.21 17:08:40 | 002,544,976 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014.05.18 22:00:13 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.12.18 10:01:06 | 002,103,096 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.12.17 11:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013.12.09 12:08:00 | 000,096,184 | ---- | M] (Overwolf) [Disabled | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2013.10.23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.08.13 08:44:22 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.12.03 14:49:32 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2012.11.09 04:08:00 | 001,148,664 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.01.23 17:19:32 | 001,858,048 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.12.17 23:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 23:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.11.06 18:07:49 | 000,019,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014.10.03 20:23:02 | 000,038,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014.09.17 05:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014.07.22 22:43:10 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014.07.22 22:43:05 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014.07.22 22:43:05 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014.07.22 22:43:05 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014.07.22 22:43:05 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014.07.22 22:43:05 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014.07.22 22:43:05 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014.07.22 22:43:04 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014.06.16 07:01:38 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014.06.16 07:01:38 | 000,110,336 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2014.03.03 00:24:27 | 000,451,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2014.02.18 01:14:23 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2014.02.18 01:14:23 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013.08.27 16:25:57 | 000,031,136 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV:64bit: - [2013.05.30 17:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013.04.03 08:58:08 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2013.04.03 08:58:08 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2013.04.03 08:58:08 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012.12.26 00:51:07 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2012.12.03 16:36:34 | 000,081,824 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.12.03 16:36:34 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.11.15 09:41:06 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.09.28 09:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.21 20:04:24 | 000,024,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012.09.21 20:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.09.21 20:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.08.11 06:44:16 | 000,482,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012.03.26 18:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.26 18:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.26 18:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.01.06 10:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.08.21 00:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.07.01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.17 18:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2013.12.16 14:34:30 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.01.29 10:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- d:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 32 EC 28 7B 76 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "https://www.google.com/search"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.24
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..keyword.URL: "https://www.google.com/search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: d:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RedMax\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.07.22 22:43:05 | 000,000,000 | ---D | M]
 
[2014.04.28 12:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RedMax\AppData\Roaming\mozilla\Extensions
[2014.11.14 00:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RedMax\AppData\Roaming\mozilla\Firefox\Profiles\mcwo6oe9.default\extensions
[2014.11.12 17:33:18 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\RedMax\AppData\Roaming\mozilla\firefox\profiles\mcwo6oe9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.06.25 20:52:16 | 000,002,823 | ---- | M] () -- C:\Users\RedMax\AppData\Roaming\mozilla\firefox\profiles\mcwo6oe9.default\searchplugins\Google.xml
[2014.11.10 23:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.11.10 23:18:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\REDMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MCWO6OE9.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
 
O1 HOSTS File: ([2014.09.08 20:14:59 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{204681AE-AABB-4258-BADD-303F0EAF22C9}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\consumer_cpl.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27:64bit: - HKLM IFEO\express.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27:64bit: - HKLM IFEO\hamachi-2-ui.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27:64bit: - HKLM IFEO\overwolflauncher.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27:64bit: - HKLM IFEO\owuninstaller.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27:64bit: - HKLM IFEO\prefutil.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27:64bit: - HKLM IFEO\teamviewer.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\consumer_cpl.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\express.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\hamachi-2-ui.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\overwolflauncher.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\owuninstaller.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\prefutil.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - D:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2014\TUAutoReactivator64.EXE (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fc73d018-4263-11e2-b163-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fc73d018-4263-11e2-b163-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.11.14 00:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014.11.13 23:18:02 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.11.13 23:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.11.13 23:17:17 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.11.13 23:17:17 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.11.13 23:17:17 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.11.13 23:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.11.13 23:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.11.13 22:31:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.11.11 15:36:42 | 000,038,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014.11.11 15:36:42 | 000,032,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014.11.10 23:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.11.10 17:27:25 | 000,615,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014.11.10 17:25:49 | 031,891,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014.11.10 17:25:49 | 024,555,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014.11.10 17:25:49 | 020,923,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014.11.10 17:25:49 | 018,514,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014.11.10 17:25:49 | 017,259,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014.11.10 17:25:49 | 014,031,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014.11.10 17:25:49 | 013,943,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014.11.10 17:25:49 | 011,397,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014.11.10 17:25:49 | 011,335,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014.11.10 17:25:49 | 004,289,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014.11.10 17:25:49 | 004,009,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014.11.10 17:25:49 | 001,876,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434465.dll
[2014.11.10 17:25:49 | 001,539,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434465.dll
[2014.11.10 17:25:49 | 000,962,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014.11.10 17:25:49 | 000,934,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014.11.10 17:25:49 | 000,922,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014.11.10 17:25:49 | 000,898,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014.11.10 17:25:49 | 000,870,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014.11.10 17:25:49 | 000,501,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014.11.10 17:25:49 | 000,417,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014.11.10 17:25:49 | 000,391,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014.11.10 17:25:49 | 000,352,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014.11.10 17:25:49 | 000,349,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014.11.10 17:25:49 | 000,303,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014.11.10 17:25:49 | 000,174,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014.11.10 17:25:49 | 000,156,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014.11.05 14:22:59 | 001,876,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434460.dll
[2014.11.05 14:22:59 | 001,539,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434460.dll
[2014.11.03 00:39:37 | 000,000,000 | ---D | C] -- C:\Users\RedMax\AppData\Roaming\.technic
[2014.11.01 19:55:13 | 000,000,000 | ---D | C] -- C:\Users\RedMax\AppData\Roaming\Cubic
[2014.11.01 16:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2014.11.01 16:37:37 | 000,000,000 | ---D | C] -- C:\Users\RedMax\AppData\Local\CSO
[2014.10.30 19:52:59 | 000,000,000 | ---D | C] -- C:\Users\RedMax\Documents\GHOSTBUSTERS (tm)
[2014.10.30 19:52:59 | 000,000,000 | ---D | C] -- C:\Users\RedMax\AppData\Local\GHOSTBUSTERS (tm)
[2014.10.29 17:55:19 | 000,000,000 | ---D | C] -- C:\Users\RedMax\Documents\wmd_symbol_cache
[2014.10.29 17:55:19 | 000,000,000 | ---D | C] -- C:\Users\RedMax\Documents\CARS
[2014.10.29 11:04:33 | 001,876,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434448.dll
[2014.10.29 11:04:33 | 001,539,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434448.dll
[2014.10.21 14:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014.10.21 14:33:26 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014.10.21 14:33:23 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014.10.21 14:33:23 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014.10.21 14:33:23 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014.10.21 14:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014.10.20 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\RedMax\Documents\Assetto Corsa
[2014.10.16 21:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.11.14 00:03:08 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014.11.13 23:53:44 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.11.13 23:53:44 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.11.13 23:50:06 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.11.13 23:48:37 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2014.11.13 23:48:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.11.13 23:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.11.13 23:17:20 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.11.13 18:07:54 | 000,170,262 | ---- | M] () -- C:\Users\RedMax\Documents\cc_20141113_180740.reg
[2014.11.13 18:05:11 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.11.12 18:42:06 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.11.12 18:42:06 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.11.11 00:45:49 | 000,001,714 | ---- | M] () -- C:\Users\RedMax\Desktop\eurotrucks2.xml
[2014.11.08 08:44:35 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.11.08 08:44:35 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.11.08 08:44:35 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.11.08 08:44:35 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.11.08 08:44:35 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.11.06 18:06:52 | 002,197,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014.11.06 18:06:52 | 001,291,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2014.11.06 18:06:33 | 002,800,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014.11.06 18:06:33 | 001,715,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2014.11.04 01:04:30 | 031,891,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014.11.04 01:04:30 | 024,555,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014.11.04 01:04:30 | 020,985,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014.11.04 01:04:30 | 020,923,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014.11.04 01:04:30 | 019,966,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014.11.04 01:04:30 | 018,514,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014.11.04 01:04:30 | 017,259,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014.11.04 01:04:30 | 016,884,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2014.11.04 01:04:30 | 014,031,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014.11.04 01:04:30 | 013,943,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014.11.04 01:04:30 | 011,397,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014.11.04 01:04:30 | 011,335,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014.11.04 01:04:30 | 004,289,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014.11.04 01:04:30 | 004,009,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014.11.04 01:04:30 | 003,238,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2014.11.04 01:04:30 | 002,849,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014.11.04 01:04:30 | 001,876,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434465.dll
[2014.11.04 01:04:30 | 001,539,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434465.dll
[2014.11.04 01:04:30 | 000,987,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2014.11.04 01:04:30 | 000,962,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014.11.04 01:04:30 | 000,934,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014.11.04 01:04:30 | 000,922,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014.11.04 01:04:30 | 000,898,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014.11.04 01:04:30 | 000,870,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014.11.04 01:04:30 | 000,501,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014.11.04 01:04:30 | 000,417,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014.11.04 01:04:30 | 000,391,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014.11.04 01:04:30 | 000,352,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014.11.04 01:04:30 | 000,349,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014.11.04 01:04:30 | 000,303,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014.11.04 01:04:30 | 000,174,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014.11.04 01:04:30 | 000,156,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014.11.04 01:04:30 | 000,073,872 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014.11.04 01:04:30 | 000,059,592 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014.11.04 01:04:30 | 000,027,094 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014.11.03 23:02:42 | 006,882,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2014.11.03 23:02:41 | 003,531,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2014.11.03 23:02:38 | 002,558,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2014.11.03 23:02:38 | 000,385,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2014.11.03 23:02:38 | 000,061,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2014.11.03 21:25:08 | 000,615,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014.11.03 12:58:36 | 004,099,264 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2014.10.30 05:53:26 | 001,876,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434460.dll
[2014.10.30 05:53:26 | 001,539,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434460.dll
[2014.10.29 11:08:30 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.10.21 14:33:21 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014.10.21 14:33:20 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014.10.21 14:33:20 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014.10.21 14:33:20 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014.10.16 21:18:22 | 000,002,150 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk
[2014.10.16 17:54:03 | 001,876,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6434448.dll
[2014.10.16 17:54:03 | 001,539,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6434448.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.11.14 00:03:08 | 000,037,624 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014.11.13 23:48:37 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2014.11.13 23:17:20 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.11.13 18:07:43 | 000,170,262 | ---- | C] () -- C:\Users\RedMax\Documents\cc_20141113_180740.reg
[2014.11.13 15:17:30 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2014.10.16 21:18:22 | 000,002,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk
[2014.08.21 00:37:54 | 000,641,024 | ---- | C] () -- C:\Windows\SysWow64\ficvdec_x86.dll
[2014.08.18 01:37:22 | 000,000,132 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014.08.17 20:51:57 | 000,004,608 | ---- | C] () -- C:\Users\RedMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.06.14 23:21:20 | 000,000,064 | ---- | C] () -- C:\Windows\wininit.ini
[2014.06.13 16:18:08 | 000,012,005 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\alsoft.ini
[2014.06.04 19:21:13 | 000,000,098 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\LauncherSettings_live.cfg
[2014.06.04 19:09:22 | 000,000,041 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\TheHunterSettings_steam_live.cfg
[2014.05.18 22:00:13 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.05.18 22:00:13 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.04.17 07:15:39 | 000,000,051 | ---- | C] () -- C:\Windows\whoami.ini
[2014.02.20 17:14:02 | 000,179,377 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2014.01.08 13:39:44 | 000,010,302 | ---- | C] () -- C:\Users\RedMax\AppData\Local\recently-used.xbel
[2013.10.15 00:08:33 | 000,005,056 | ---- | C] () -- C:\ProgramData\lbzhlueq.mtr
[2013.09.08 02:44:59 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2013.09.08 02:44:41 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2013.09.08 02:44:41 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2013.06.24 18:49:41 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.06.24 18:49:40 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.06.03 11:26:18 | 001,065,984 | ---- | C] () -- C:\Users\RedMax\AppData\Local\file__0.localstorage
[2013.04.18 23:34:24 | 2075,344,036 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\.minecraft3.rar
[2013.04.18 23:34:24 | 1859,886,300 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\.minecraft2.rar
[2013.04.18 23:34:24 | 1409,226,674 | ---- | C] () -- C:\Users\RedMax\AppData\Roaming\.minecraft.rar
[2013.04.07 12:07:26 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013.02.06 16:48:56 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013.02.06 16:48:56 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013.02.06 16:48:56 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013.02.06 16:48:56 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013.02.06 16:48:56 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013.02.06 16:48:56 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013.02.06 16:48:56 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013.02.06 16:48:56 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013.02.06 16:48:56 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013.02.06 16:48:56 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2013.02.06 16:48:56 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013.02.06 16:48:56 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013.02.06 16:48:56 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013.02.06 16:48:56 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013.02.06 16:48:56 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013.02.06 16:48:56 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2013.02.06 16:48:56 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2013.02.06 16:48:56 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013.02.06 16:48:56 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013.02.05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.12.23 23:55:08 | 000,000,017 | ---- | C] () -- C:\Users\RedMax\AppData\Local\resmon.resmoncfg
[2012.12.23 21:11:54 | 000,062,232 | R--- | C] () -- C:\Windows\SysWow64\GameuxInstallHelper.dll
[2012.12.11 09:14:50 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.12.10 18:44:27 | 000,065,089 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.12.10 18:43:24 | 000,050,910 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.12.10 02:09:10 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.10 01:59:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.20 05:27:26 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 04:21:20 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:842730FD3E4241FA

< End of report >
inzwischen kann ich die Datei "FirewallAPI.dll" nicht mehr bei VirusTotal hochladen da sich genau dann Avast meldet und es vom Browser heißt dass diese Datei einen Virus hat und somit nicht hochladen lässt.

Da ich Nachtdienst habe werd ich also eher zur Mittagszeit am PC Arbeiten können, aber ich werd jetzt mal hinlegen da ich dann heute dann meinen Sohn in den Kindergarten bringen und dann am PC arbeiten werde, Nachts fängt dann mein erster Dienst dieser Woche an.

Bin so Dankbar wenn man diese Fehlermeldung los werden könnte.

Um das ganze mal in Ruhe zu erklären:

Avast Meldet die C:\Windows\SysWOW64\FirewallAPI.dll mit einem "Win32:Evo-gen[Susp]".
Die Meldung kommt aber erst (wenn ich mich nicht irre) seit gestern nachmittag, also in etwas seit dem veröffentlichtem Virendatenbank-Update.

Die Meldungen kommen dann in Verbindung mit einem Prozess wenn:

Steam Service- Steam ein Update bezieht (darunter Spieleupdates)

Firefox.exe- Ich versuche bei VirusTotal.com eine Datei zum hochladen auswählen möchte

Integrator.exe- TuneUp starte und auch eines der Programme von TuneUp ausführe

wmplayer.exe- ist bis jetzt vielleicht 2 mal vorgekommen beim abspielen eines Clips mit Windows Media Player.

Desweiteren meldet TuneUp dass ich keine Firewall aktiviert habe obwohl ich schon in den Optionen der Windows Firewall nochmal nachgesehen habe ob diese das Aktiv ist (weiß jetzt nicht wem ich von beiden mehr trauen kann).

Grundsätzlich denke ich mal kommen die Meldungen in Verbindung mit der FirewallAPI.dll wenn ein Programm eine Internetverbindung aufbaut um Updates abzufragen.

Ich hatte auch schon gelesen dass es einige False-Positiv durch Avast gibt und "[susp]" als "vermutlich" bezeichnet wird da Avast nicht sicher sagen kann um was es sich handelt.

Ich möchte nur beruhigt sein können und wissen was da gerade auf meiner Kiste abgeht, wie man das beheben kann und/oder es siche um eine Fehlmeldung handelt.

Konnte hoffentlich mit den Infos vorerst ausreichend dienen.

Ich hab die nächsten Nächte Dienst (heute auch), kann also leider Abends nicht am PC arbeiten.

Danke im vorhinein für kommende Hilfe.

 

Themen zu Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich
antivirus, c:\windows, ccleaner, empfehlen, fehlercode 0x5, fehlercode 0xc0000005, fehlercode 22, fehlercode windows, festplatte, folgen, licht, meldung, nichts, programme, prozess, roguekiller, steam, tablet, this device is disabled. (code 22), update, verbindung, virendatenbank, virustotal, win32, win32/toolbar.babylon.e, win32/toolbar.conduit, windows


« windows 7: Infiziert mit JS/iFrame.pyvvhmq | PC plötzlich extrem langsam bzw Hängt sich auf »


Ähnliche Themen: Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich


  1. Avast meldet Problem "Android:Evo-gen [Susp]"
    Smartphone, Tablet & Handy Security - 20.09.2015 (3)
  2. Nach USB-Stick: Avast meldet blockieren der Websites disorderstatus.ru und diferentia.ru; Prozess windows\SysWOW64\msiexec
    Log-Analyse und Auswertung - 14.09.2015 (13)
  3. Avast meldet blockierte Infektionen in Prozess svchost.exe vom Typ "URL:Mal"
    Log-Analyse und Auswertung - 13.07.2015 (17)
  4. Avast blockiert wiederholt "Infektion" Win32:Evo-gen [Susp]
    Plagegeister aller Art und deren Bekämpfung - 05.02.2015 (5)
  5. Avast Meldung Win32:Evo-gen [susp]
    Log-Analyse und Auswertung - 30.01.2015 (15)
  6. Avast meldet bei Visual Studio einen Virus namens Win32.EvoGen [susp]
    Log-Analyse und Auswertung - 13.10.2014 (4)
  7. Avast findet ständig Win32:Evo-gen [Susp]
    Log-Analyse und Auswertung - 11.09.2014 (7)
  8. Windows XP Avast: Win32:Evo-gen [Susp]
    Log-Analyse und Auswertung - 27.08.2014 (24)
  9. Win32:Evo-gen (Susp) wenn ich ein bestimmtes Programm öffne meldet sich Avast
    Log-Analyse und Auswertung - 24.07.2014 (7)
  10. Avast Free Antivirus 2014 meldet Win32:Evo-gen [Susp] Programm GeForce Experience
    Plagegeister aller Art und deren Bekämpfung - 20.10.2013 (14)
  11. Win 8 (64bit): Avast meldet "FileRepMalware" & "Win32:evo-gen [Susp]"
    Plagegeister aller Art und deren Bekämpfung - 11.09.2013 (20)
  12. Zuerst avast Warnung wegen win32:evo-gen susp, dann hat Malwarebytes 2 infizierte Dateien gefunden
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (9)
  13. avast! Mail-Schutz meldet Win32:Evo-gen [Susp]
    Plagegeister aller Art und deren Bekämpfung - 21.07.2013 (3)
  14. Avast meldet bösartige Website blockiert (URL:Mal) - Prozess: "svchost.exe
    Log-Analyse und Auswertung - 14.11.2012 (5)
  15. Avast findet Win32:BogEnt [Susp]
    Plagegeister aller Art und deren Bekämpfung - 24.10.2011 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich - Wer kann helfen? Seit gestern dem 13.11.14 (da wurde auch das Avast Virendatenbank Update veöffentlicht) habe ich von Avast eine Meldung welche C:\Windows\SysWOW64\FirewallAPI.dll mit einem "Win32:Evo-gen[Susp]". Zuerst wurde der Prozess - Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich...

Alle Zeitangaben in WEZ +1. Es ist jetzt 17:03 Uhr.

Kontakt - Trojaner-Board - Archiv - Datenschutzerklärung - Nach oben

Copyright ©2000-2025, Trojaner-Board
Archiv
Du betrachtest: Avast! meldet Win32:Evo-gen[Susp] ORT: FirewallAPI.dll, Prozess: unterschiedlich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131