| |
| |||||||
Log-Analyse und Auswertung: World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwasWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
05.10.2012, 22:29
| #1 |
 |  World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas Wie schon oben beschrieben, wurde mein Acc kompromittiert, dergestalt, dass mein Log-In-Passwort geändert wurde und Gold sowie Items gestohlen wurde. Blizzard (der Spielebetreiber) schreibt standardmäßig "Ihr Rechner ist infiziert, bla bla bla" Ich habe mit Avira, Malwarebytes, Microsoft Security Essentials sowie Stinger den Rechner gescannt, ohne Ergebnis. Ich fing an zu glauben, dass vllt. bei Blizzard Daten abhanden gekommen sind. Sowas stand auch mal vor einigen Wochen in den Medien. Daraufhin habe ich einen neuen Acc angelegt mit neuer eMail-Adresse und auch hier hat es nur ca. 6 h gedauert, bis nachts um 4 Uhr jemand versucht hat, das Passwort des neuen Accounts zurückzusetzen. Mit diesem Acc wurde nicht eine Sekunde gespielt. Also scheint wohl doch mein Rechner von einem Keylogger ausgelesen zu werden? Meine Bitte an das Board, findet jemand was an meinem Log? ------------------hier mein Log------------------------------------OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 05.10.2012 23:26:51 - Run 2 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Jörg\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,36 Gb Available Physical Memory | 79,91% Memory free 15,93 Gb Paging File | 14,21 Gb Available in Paging File | 89,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 61,12 Gb Free Space | 51,30% Space Free | Partition Type: NTFS Drive F: | 50,00 Gb Total Space | 21,40 Gb Free Space | 42,80% Space Free | Partition Type: NTFS Drive G: | 182,88 Gb Total Space | 118,73 Gb Free Space | 64,92% Space Free | Partition Type: NTFS Computer Name: JÖRG-PC | User Name: Jörg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.05 22:46:39 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe PRC - [2012.10.05 22:44:28 | 000,050,477 | ---- | M] () -- C:\Users\Jörg\Downloads\Defogger.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.06 03:24:58 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.08.27 08:58:16 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE ========== Modules (No Company Name) ========== MOD - [2012.10.05 22:44:28 | 000,050,477 | ---- | M] () -- C:\Users\Jörg\Downloads\Defogger.exe MOD - [2012.09.06 03:25:12 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.08.30 10:39:42 | 000,374,120 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2012.08.27 08:58:16 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ========== Services (SafeList) ========== SRV - [2012.10.02 19:57:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.08.27 08:58:16 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.07.29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:64bit: - [2011.07.29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.10 10:38:49 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2010.08.10 10:38:49 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2010.08.10 10:38:39 | 000,171,016 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0CCB.sys -- (SaiK0CCB) DRV:64bit: - [2010.08.10 10:38:39 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB) DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {C7BEA6E5-CED3-4667-A61D-FE42B088AA43} IE - HKCU\..\SearchScopes\{C7BEA6E5-CED3-4667-A61D-FE42B088AA43}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.05 11:41:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.04 17:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Extensions [2012.10.05 11:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\ri8g8syk.default-1346865351181\extensions [2012.10.05 11:41:34 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\ri8g8syk.default-1346865351181\extensions\testpilot@labs.mozilla.com.xpi [2012.09.05 19:22:21 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\ri8g8syk.default-1346865351181\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.05 11:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RI8G8SYK.DEFAULT-1346865351181\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI [2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek) O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek) O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B625869-8054-4F92-837F-4A18FAAE45AC}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.05 22:46:38 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe [2012.10.05 11:45:43 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\._Revolution_ [2012.10.05 11:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012.10.05 11:32:17 | 010,204,776 | ---- | C] (McAfee Inc.) -- C:\Users\Jörg\Desktop\stinger1020802.exe [2012.10.05 11:29:50 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.10.05 11:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com [2012.10.05 01:54:18 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\Macromedia [2012.10.05 01:54:18 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\Macromedia [2012.10.05 01:46:03 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\Malwarebytes [2012.09.23 01:00:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.23 01:00:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.23 01:00:26 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.09.23 01:00:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.09.23 01:00:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.23 01:00:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.23 01:00:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.23 01:00:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.23 01:00:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.09.23 01:00:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.09.23 01:00:25 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.09.23 01:00:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.09.23 01:00:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.09.23 01:00:24 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.09.23 01:00:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.09.16 08:08:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.09.14 22:51:35 | 000,000,000 | ---D | C] -- C:\temp [2012.09.14 22:51:09 | 026,228,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.09.14 22:51:09 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.09.14 22:51:09 | 019,828,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.09.14 22:51:09 | 018,229,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.09.14 22:51:09 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.09.14 22:51:09 | 015,291,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.09.14 22:51:09 | 014,879,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.09.14 22:51:09 | 009,066,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.09.14 22:51:09 | 007,626,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.09.14 22:51:09 | 007,397,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.09.14 22:51:09 | 006,109,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.09.14 22:51:09 | 002,745,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.09.14 22:51:09 | 002,573,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.09.14 22:51:09 | 002,216,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.09.14 22:51:09 | 001,866,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.09.14 22:51:09 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.09.14 22:51:09 | 000,830,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.09.14 22:51:09 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.09.14 22:51:09 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.09.14 22:51:09 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2012.09.14 22:51:09 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2012.09.12 06:37:01 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.09.12 06:37:01 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 06:37:01 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.09.12 06:37:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.09.07 21:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.10.05 22:46:39 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe [2012.10.05 22:45:44 | 000,000,000 | ---- | M] () -- C:\Users\Jörg\defogger_reenable [2012.10.05 22:37:42 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.05 22:37:42 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.05 22:37:32 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.05 22:37:32 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.05 22:37:32 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.05 22:37:32 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.05 22:37:32 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.05 22:30:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.05 22:30:34 | 2118,430,719 | -HS- | M] () -- C:\hiberfil.sys [2012.10.05 11:57:27 | 000,311,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.05 11:34:28 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.05 11:32:25 | 010,204,776 | ---- | M] (McAfee Inc.) -- C:\Users\Jörg\Desktop\stinger1020802.exe [2012.10.05 11:31:00 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.10.05 11:28:32 | 000,001,975 | ---- | M] () -- C:\Users\Jörg\Desktop\Update Checker.lnk [2012.10.05 01:38:45 | 000,000,057 | ---- | M] () -- C:\Users\Jörg\AppData\Roaming\mbam.context.scan [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.10.05 22:45:44 | 000,000,000 | ---- | C] () -- C:\Users\Jörg\defogger_reenable [2012.10.05 11:57:24 | 000,311,104 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.05 11:34:28 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.05 11:28:32 | 000,002,005 | ---- | C] () -- C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk [2012.10.05 11:28:32 | 000,001,975 | ---- | C] () -- C:\Users\Jörg\Desktop\Update Checker.lnk [2012.10.05 01:38:45 | 000,000,057 | ---- | C] () -- C:\Users\Jörg\AppData\Roaming\mbam.context.scan [2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.08.25 20:04:16 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2012.08.25 20:04:16 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2012.08.25 20:04:16 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2012.08.25 20:04:16 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2012.08.25 20:04:16 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2012.08.04 18:10:28 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > --- --- --- Hier noch den OTL Extra Log OTL Extras logfile created on: 06.10.2012 00:43:19 - Run 3 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Jörg\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,62 Gb Available Physical Memory | 83,14% Memory free 15,93 Gb Paging File | 14,62 Gb Available in Paging File | 91,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 61,12 Gb Free Space | 51,30% Space Free | Partition Type: NTFS Drive F: | 50,00 Gb Total Space | 21,40 Gb Free Space | 42,80% Space Free | Partition Type: NTFS Drive G: | 182,88 Gb Total Space | 118,73 Gb Free Space | 64,92% Space Free | Partition Type: NTFS Computer Name: JÖRG-PC | User Name: Jörg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Unable to open value key inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Unable to open value key scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Unable to open value key Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] |
|
08.10.2012, 06:25
| #2 | |
| /// the machine /// TB-Ausbilder    | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas Hi,
__________________Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ |
|
08.10.2012, 10:05
| #3 |
| | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas Hallo Schrauber,
__________________danke, dass Du Dich der Sache angenommen hast!! Hier nur der Log-File von Combo-Fix Combofix Logfile: Code:
ATTFilter ComboFix 12-10-08.01 - Jörg 08.10.2012 10:57:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8155.6874 [GMT 2:00]
ausgeführt von:: c:\users\Jörg\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-08 bis 2012-10-08 ))))))))))))))))))))))))))))))
.
.
2012-10-08 08:58 . 2012-10-08 08:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-08 08:58 . 2012-10-08 08:58 -------- d-----w- c:\users\Tanjuschka\AppData\Local\temp
2012-10-08 08:58 . 2012-10-08 08:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-07 11:23 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D753B46B-0699-4ED8-A066-792ED55D566B}\mpengine.dll
2012-10-07 11:07 . 2012-10-07 11:08 -------- d-----w- c:\users\Jörg_2
2012-10-07 00:33 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-06 23:55 . 2009-06-18 10:55 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2012-10-06 23:38 . 2012-10-06 23:38 -------- d-----w- c:\program files (x86)\Sophos
2012-10-06 11:42 . 2012-10-06 11:42 -------- d-----w- c:\users\Jörg\AppData\Local\Adobe
2012-10-06 10:23 . 2012-10-07 00:07 16200 ----a-w- c:\windows\stinger.sys
2012-10-05 09:45 . 2012-10-07 18:09 -------- d-----w- c:\users\Jörg\AppData\Local\._Revolution_
2012-10-05 09:41 . 2012-09-06 01:26 266720 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-10-05 09:32 . 2012-10-07 00:49 -------- d-----w- c:\program files (x86)\stinger
2012-10-05 09:31 . 2012-10-05 09:31 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{892C8BF8-1D22-4FF7-A30B-107D26E5F8B2}\gapaengine.dll
2012-10-05 09:31 . 2012-08-04 16:11 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-05 09:29 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-05 09:28 . 2012-10-05 09:28 -------- d-----w- c:\program files (x86)\FileHippo.com
2012-10-04 23:54 . 2012-10-04 23:54 -------- d-----w- c:\users\Jörg\AppData\Roaming\Macromedia
2012-10-04 23:54 . 2012-10-04 23:54 -------- d-----w- c:\users\Jörg\AppData\Local\Macromedia
2012-10-04 23:46 . 2012-10-04 23:46 -------- d-----w- c:\users\Jörg\AppData\Roaming\Malwarebytes
2012-10-04 08:36 . 2012-10-04 08:36 -------- d-----w- c:\users\Tanjuschka\AppData\Roaming\Malwarebytes
2012-09-12 04:37 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:37 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:37 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:37 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 04:37 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 04:37 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 04:37 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 10:26 . 2012-08-04 21:43 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-07 15:04 . 2012-09-02 19:27 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-03-20 18:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 19:14 . 2012-08-04 15:52 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-08-30 19:14 . 2012-08-04 15:52 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-08-30 19:14 . 2012-08-04 14:47 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2012-08-04 14:47 971624 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-08-30 19:14 . 2012-08-04 14:46 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 16:18 . 2012-08-04 14:47 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2012-08-04 14:47 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2012-08-04 14:47 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 16:18 . 2012-08-04 14:47 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2012-08-04 14:47 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
2012-08-30 16:18 . 2012-08-04 14:47 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2012-08-04 14:47 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-27 06:58 . 2012-08-04 15:40 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 06:58 . 2012-08-04 15:40 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-05 05:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-08-05 05:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-08-04 21:46 . 2012-08-04 21:46 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-08-04 21:46 . 2012-08-04 21:46 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-08-04 21:46 . 2012-08-04 21:46 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-08-04 21:46 . 2012-08-04 21:46 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-08-04 21:46 . 2012-08-04 21:46 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-08-04 21:46 . 2012-08-04 21:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-08-04 21:46 . 2012-08-04 21:46 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-08-04 21:46 . 2012-08-04 21:46 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-08-04 21:46 . 2012-08-04 21:46 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-04 21:46 . 2012-08-04 21:46 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-08-04 21:46 . 2012-08-04 21:46 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-08-04 21:46 . 2012-08-04 21:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-08-04 21:46 . 2012-08-04 21:46 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-08-04 21:46 . 2012-08-04 21:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-08-04 21:46 . 2012-08-04 21:46 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-08-04 21:46 . 2012-08-04 21:46 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-08-04 21:46 . 2012-08-04 21:46 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-08-04 21:46 . 2012-08-04 21:46 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-08-04 21:46 . 2012-08-04 21:46 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-08-04 21:46 . 2012-08-04 21:46 82432 ----a-w- c:\windows\system32\icardie.dll
2012-08-04 21:46 . 2012-08-04 21:46 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-08-04 21:46 . 2012-08-04 21:46 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-08-04 21:46 . 2012-08-04 21:46 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-04 21:46 . 2012-08-04 21:46 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-08-04 21:46 . 2012-08-04 21:46 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-08-04 21:46 . 2012-08-04 21:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-08-04 21:46 . 2012-08-04 21:46 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-08-04 21:46 . 2012-08-04 21:46 448512 ----a-w- c:\windows\system32\html.iec
2012-08-04 21:46 . 2012-08-04 21:46 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-04 21:46 . 2012-08-04 21:46 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-08-04 21:46 . 2012-08-04 21:46 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-08-04 21:46 . 2012-08-04 21:46 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-04 21:46 . 2012-08-04 21:46 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-08-04 21:46 . 2012-08-04 21:46 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-08-04 21:46 . 2012-08-04 21:46 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-08-04 21:46 . 2012-08-04 21:46 222208 ----a-w- c:\windows\system32\msls31.dll
2012-08-04 21:46 . 2012-08-04 21:46 197120 ----a-w- c:\windows\system32\msrating.dll
2012-08-04 21:46 . 2012-08-04 21:46 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-08-04 21:46 . 2012-08-04 21:46 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-08-04 21:46 . 2012-08-04 21:46 160256 ----a-w- c:\windows\system32\wextract.exe
2012-08-04 21:46 . 2012-08-04 21:46 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-08-04 21:46 . 2012-08-04 21:46 149504 ----a-w- c:\windows\system32\occache.dll
2012-08-04 21:46 . 2012-08-04 21:46 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-08-04 21:46 . 2012-08-04 21:46 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-08-04 21:46 . 2012-08-04 21:46 12288 ----a-w- c:\windows\system32\mshta.exe
2012-08-04 21:46 . 2012-08-04 21:46 114176 ----a-w- c:\windows\system32\admparse.dll
2012-08-04 21:46 . 2012-08-04 21:46 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-04 21:46 . 2012-08-04 21:46 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-04 21:46 . 2012-08-04 21:46 103936 ----a-w- c:\windows\system32\inseng.dll
2012-07-18 18:15 . 2012-08-15 08:14 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 00:40 . 2012-08-04 15:56 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8FED67BE-DC81-4C9F-A107-22E14AD5EC94}\mpengine.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 250568]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C957.tmp [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-02 115168]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files (x86)\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2010-08-10 171016]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2010-08-10 41096]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\ri8g8syk.default-1346865351181\
FF - prefs.js: browser.startup.homepage - www.google.de
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C957.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-08 11:00:05
ComboFix-quarantined-files.txt 2012-10-08 09:00
.
Vor Suchlauf: 9 Verzeichnis(se), 65.102.524.416 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 64.944.791.552 Bytes frei
.
- - End Of File - - 0B38400BEC81C38AF7501F289898F281
[/code] Wenn Du weitere Sachen brauchst, sage bitte bescheid. Grüsse aus Hamburg ans Board! Geändert von Hamburg1887 (08.10.2012 um 11:03 Uhr) |
|
08.10.2012, 10:07
| #4 |
| /// the machine /// TB-Ausbilder | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas Wie gehst Du Online? LAN/WLAN? Router?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.10.2012, 10:13
| #5 |
| | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas Ich gehe online mit diesem Rechner mit einer Fritzbox über Kabel, also LAN. Meine Frau geht über die selbe Box online mit Ihrem Handy über WLAN. Grüsse! |
|
08.10.2012, 10:17
| #6 |
| /// the machine /// TB-Ausbilder | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwasESET Online Scanner
Windows-Taste+R > cmd > Enter > ipconfig /all > Enter Bitte kopiere den Output hierher.
__________________ --> World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas |
|
08.10.2012, 10:57
| #7 |
| | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas Hallo Schrauber, anbei das ESET Log. ---------------------------------------------------------------------------- C:\Users\Jörg\Downloads\SoftonicDownloader_fuer_hijackthis.exe a variant of Win32/SoftonicDownloader.E application G:\00 BB - Downloads\Unlocker1.9.1-x64.exe Win32/Adware.ADON application ---------------------------------------------------------------------------- Ersteres ist von hxxp://www.softonic.de/download-manager Und hier das ipconfig-Log Code:
ATTFilter Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.
C:\Users\Jörg_2>ipconfig /all
Windows-IP-Konfiguration
Hostname . . . . . . . . . . . . : Jörg-PC
Primäres DNS-Suffix . . . . . . . :
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : fritz.box
Ethernet-Adapter LAN-Verbindung:
Verbindungsspezifisches DNS-Suffix: fritz.box
Beschreibung. . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physikalische Adresse . . . . . . : BC-5F-F4-49-2E-E3
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::48b7:8166:c98e:c3ef%10(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 192.168.178.25(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Montag, 8. Oktober 2012 11:09:31
Lease läuft ab. . . . . . . . . . : Donnerstag, 18. Oktober 2012 11:09:31
Standardgateway . . . . . . . . . : 192.168.178.1
DHCP-Server . . . . . . . . . . . : 192.168.178.1
DHCPv6-IAID . . . . . . . . . . . : 247226356
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-17-AE-F9-27-BC-5F-F4-49-2E-E3
DNS-Server . . . . . . . . . . . : 192.168.178.1
NetBIOS über TCP/IP . . . . . . . : Aktiviert
Tunneladapter isatap.fritz.box:
Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix: fritz.box
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
Tunneladapter Teredo Tunneling Pseudo-Interface:
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fb:3453:398e:a089:92ec(Bevo
rzugt)
Verbindungslokale IPv6-Adresse . : fe80::3453:398e:a089:92ec%12(Bevorzugt)
Standardgateway . . . . . . . . . : ::
NetBIOS über TCP/IP . . . . . . . : Deaktiviert
C:\Users\Jörg_2>
Geändert von Hamburg1887 (08.10.2012 um 11:05 Uhr) |
|
08.10.2012, 11:00
| #8 |
| /// the machine /// TB-Ausbilder | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas Online-Zugangsdaten bekannt? Wenn ja Router auf Werkseinstellungen zurücksetzen. Danach bitte ein frisches OTL Logfile.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.10.2012, 11:09
| #9 |
| | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas Wie setze ich einen Router auf Werkseinstellungen zurück? Ich kenne einen Resett mittels "vom Netz nehmen" des Routers. Das ist wohl eher nicht gemeint. Benötige ich dann wieder die Anmeldeunterlagen? Die sind im Keller (hoffendlich). Dann geh ich die schon mal suchen. |
|
08.10.2012, 11:15
| #10 |
| /// the machine /// TB-Ausbilder | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas Genau die brauchst Du  FRITZ!Box auf Werkseinstellungen zurücksetzen | FRITZ!Box 6360 Cable | AVM-SKB
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.10.2012, 12:19
| #11 |
| | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas Hallo Schrauber, die Fritzbox habe ich auf Werkeinstellung zurückgesetzt. Zugangsdaten mit Hilfe meiner Frau dann doch noch gefunden. Hatte schon Schweissperlen auf der Stirn, als nach Zurücksetzen der Umschlag mit den Daten nirgends auftauchte. Hier nun das frische OTL-Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.10.2012 13:17:00 - Run 4 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Jörg\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,63 Gb Available Physical Memory | 83,27% Memory free 15,93 Gb Paging File | 14,47 Gb Available in Paging File | 90,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 59,93 Gb Free Space | 50,30% Space Free | Partition Type: NTFS Drive F: | 50,00 Gb Total Space | 49,47 Gb Free Space | 98,94% Space Free | Partition Type: NTFS Drive G: | 182,88 Gb Total Space | 118,69 Gb Free Space | 64,90% Space Free | Partition Type: NTFS Computer Name: JÖRG-PC | User Name: Jörg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.05 22:46:39 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.06 03:24:58 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.08.27 08:58:16 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE ========== Modules (No Company Name) ========== MOD - [2012.09.06 03:25:12 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.08.30 10:39:42 | 000,374,120 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2012.08.27 08:58:16 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ========== Services (SafeList) ========== SRV - [2012.10.02 19:57:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.08.27 08:58:16 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.07.29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:64bit: - [2011.07.29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.10 10:38:49 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2010.08.10 10:38:49 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2010.08.10 10:38:39 | 000,171,016 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0CCB.sys -- (SaiK0CCB) DRV:64bit: - [2010.08.10 10:38:39 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB) DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.06.18 12:55:41 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {C7BEA6E5-CED3-4667-A61D-FE42B088AA43} IE - HKCU\..\SearchScopes\{C7BEA6E5-CED3-4667-A61D-FE42B088AA43}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.05 11:41:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.04 17:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Extensions [2012.10.05 11:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\Firefox\Profiles\ri8g8syk.default-1346865351181\extensions [2012.10.05 11:41:34 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\ri8g8syk.default-1346865351181\extensions\testpilot@labs.mozilla.com.xpi [2012.09.05 19:22:21 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Jörg\AppData\Roaming\mozilla\firefox\profiles\ri8g8syk.default-1346865351181\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.05 11:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) -- C:\USERS\JöRG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RI8G8SYK.DEFAULT-1346865351181\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI [2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek) O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B625869-8054-4F92-837F-4A18FAAE45AC}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.08 11:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.10.08 11:09:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.08 11:00:06 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.08 10:54:24 | 004,762,763 | R--- | C] (Swearware) -- C:\Users\Jörg\Desktop\ComboFix.exe [2012.10.08 10:52:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.08 10:52:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.08 10:52:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.08 10:51:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.08 10:51:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.07 02:46:53 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Jörg\Desktop\TFC- Temp-Reiniger.exe [2012.10.07 01:56:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Saitek SD6 Profiles [2012.10.07 01:55:32 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys [2012.10.07 01:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.10.07 01:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2012.10.06 21:13:23 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jörg\Desktop\aswMBR.exe [2012.10.06 13:42:32 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\Adobe [2012.10.06 12:23:56 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.10.05 22:46:38 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe [2012.10.05 11:45:43 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\._Revolution_ [2012.10.05 11:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012.10.05 11:32:17 | 010,204,776 | ---- | C] (McAfee Inc.) -- C:\Users\Jörg\Desktop\stinger1020802.exe [2012.10.05 11:29:50 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.10.05 11:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com [2012.10.05 01:54:18 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\Macromedia [2012.10.05 01:54:18 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Local\Macromedia [2012.10.05 01:46:03 | 000,000,000 | ---D | C] -- C:\Users\Jörg\AppData\Roaming\Malwarebytes [2012.09.23 01:00:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.23 01:00:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.23 01:00:26 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.09.23 01:00:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.09.23 01:00:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.23 01:00:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.23 01:00:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.23 01:00:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.23 01:00:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.09.23 01:00:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.09.23 01:00:25 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.09.23 01:00:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.09.23 01:00:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.09.23 01:00:24 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.09.23 01:00:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.09.16 08:08:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.09.14 22:51:35 | 000,000,000 | ---D | C] -- C:\temp [2012.09.14 22:51:09 | 026,228,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.09.14 22:51:09 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.09.14 22:51:09 | 019,828,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.09.14 22:51:09 | 018,229,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.09.14 22:51:09 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.09.14 22:51:09 | 015,291,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.09.14 22:51:09 | 014,879,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.09.14 22:51:09 | 009,066,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.09.14 22:51:09 | 007,626,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.09.14 22:51:09 | 007,397,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.09.14 22:51:09 | 006,109,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.09.14 22:51:09 | 002,745,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.09.14 22:51:09 | 002,573,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.09.14 22:51:09 | 002,216,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.09.14 22:51:09 | 001,866,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.09.14 22:51:09 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.09.14 22:51:09 | 000,830,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.09.14 22:51:09 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.09.14 22:51:09 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.09.14 22:51:09 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2012.09.14 22:51:09 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2012.09.12 06:37:01 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.09.12 06:37:01 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 06:37:01 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.09.12 06:37:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys ========== Files - Modified Within 30 Days ========== [2012.10.08 13:06:46 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.08 13:06:46 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.08 13:06:37 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.08 13:06:37 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.08 13:06:37 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.08 13:06:37 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.08 13:06:37 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.08 13:01:39 | 001,736,646 | ---- | M] () -- C:\Users\Jörg\Desktop\1un1 Start Code.bmp [2012.10.08 12:59:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.08 12:59:39 | 2118,430,719 | -HS- | M] () -- C:\hiberfil.sys [2012.10.08 10:48:42 | 004,762,763 | R--- | M] (Swearware) -- C:\Users\Jörg\Desktop\ComboFix.exe [2012.10.07 20:08:30 | 000,000,512 | ---- | M] () -- C:\Users\Jörg\Desktop\MBR.dat [2012.10.07 03:38:41 | 000,311,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.07 02:49:52 | 000,000,047 | RH-- | M] () -- C:\Users\Jörg\Desktop\stinger1020802.opt [2012.10.07 02:46:54 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg\Desktop\TFC- Temp-Reiniger.exe [2012.10.07 02:07:33 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.10.06 21:13:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jörg\Desktop\aswMBR.exe [2012.10.06 12:54:57 | 000,001,494 | ---- | M] () -- C:\Users\Jörg\Desktop\Firefox.lnk [2012.10.05 22:46:39 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg\Desktop\OTL.exe [2012.10.05 22:45:44 | 000,000,000 | ---- | M] () -- C:\Users\Jörg\defogger_reenable [2012.10.05 11:34:28 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.05 11:32:25 | 010,204,776 | ---- | M] (McAfee Inc.) -- C:\Users\Jörg\Desktop\stinger1020802.exe [2012.10.05 11:31:00 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.10.05 11:28:32 | 000,001,975 | ---- | M] () -- C:\Users\Jörg\Desktop\Update Checker.lnk [2012.10.05 01:38:45 | 000,000,057 | ---- | M] () -- C:\Users\Jörg\AppData\Roaming\mbam.context.scan ========== Files Created - No Company Name ========== [2012.10.08 13:01:39 | 001,736,646 | ---- | C] () -- C:\Users\Jörg\Desktop\1un1 Start Code.bmp [2012.10.08 10:52:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.08 10:52:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.08 10:52:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.08 10:52:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.08 10:52:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.07 20:08:30 | 000,000,512 | ---- | C] () -- C:\Users\Jörg\Desktop\MBR.dat [2012.10.07 03:38:38 | 000,311,104 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.06 12:54:57 | 000,001,494 | ---- | C] () -- C:\Users\Jörg\Desktop\Firefox.lnk [2012.10.06 12:27:14 | 000,000,047 | RH-- | C] () -- C:\Users\Jörg\Desktop\stinger1020802.opt [2012.10.05 22:45:44 | 000,000,000 | ---- | C] () -- C:\Users\Jörg\defogger_reenable [2012.10.05 11:34:28 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.05 11:28:32 | 000,002,005 | ---- | C] () -- C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk [2012.10.05 11:28:32 | 000,001,975 | ---- | C] () -- C:\Users\Jörg\Desktop\Update Checker.lnk [2012.10.05 01:38:45 | 000,000,057 | ---- | C] () -- C:\Users\Jörg\AppData\Roaming\mbam.context.scan [2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.08.25 20:04:16 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2012.08.25 20:04:16 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2012.08.25 20:04:16 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2012.08.25 20:04:16 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2012.08.25 20:04:16 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2012.08.04 18:10:28 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
08.10.2012, 12:22
| #12 | |
| /// the machine /// TB-Ausbilder | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwasZitat:
 Leg mal nen neuen Account an mit neuer Email, und teste mal ob der wieder gehackt wird.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.10.2012, 12:36
| #13 |
| | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas Vielen Dank Schrauber. Das mit den Daten ist so eine Sache. Ich war mir sicher, die noch zu haben, das Problem ist nur, wo ... meine Frau hat da mehr Geduld und hat sie dann letzten Endes auch gefunden. ;-) Das mit dem Acc mache ich und melde mich dann wieder. Wird sicher nen Tag in Anspruch nehmen. |
|
08.10.2012, 12:45
| #14 |
| /// the machine /// TB-Ausbilder | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas Kein Ding, ich hab nix anderes vor
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.10.2012, 10:32
| #15 |
| | World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas Moin Schrauber ! Da bin ich wieder. Habe gestern gegen 17.00 Uhr einen neuen WoW-Acc eröffnet. Bis heute ist nichts passiert. Also keine eMail von Blizzard (Spielebetreiber) bekommen, dass mein Passwort geändert wurde. Das Auslesen erfolgt bei Trojanern wohl automatisch, ohne große Wartezeit, vermute ich? Somit sollte dies ein gutes Zeichen sein? Grüsse! |
|
| Themen zu World of Warcraft Account u.U. gehackt - kein Virenskanner findet etwas |
| adobe, autorun, avira, dsl, explorer, explorer.exe, firefox, format, home, ie7, infiziert, install.exe, intranet, keylogger, logfile, malwarebytes, microsoft, mozilla, neue, nvidia, nvidia update, programme, realtek, registry, security, software, windows, winlogon, wow-account gehackt |
Linear-Darstellung
