Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Phishing Mail von WoW Link angeklickt!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.05.2013, 12:52   #1
yannin
 
Phishing Mail von WoW Link angeklickt! - Standard

Phishing Mail von WoW Link angeklickt!



Hallo,

ich habe heute eine Mail bekommen, die angeblich von Battle.net kam (in gebrochenem Deutsch!)

In dieser stand, dass ich versuchen würde, meinen WoW Account zu verkaufen (ich weiss garnicht ob ich einen habe.......)

Es waren 2 Links dabei, die ich anklicken sollte, wenn nicht würden rechtliche Schritte eingeleitet werden!

Ich geriet ein wenig in Panik, klickte den 1. Link an......dieser führte auf eine Seite die so aus sah wie die von Battle.net mit den AGB`s!

Dann den 2. auf dem ich meine Daten eingaben sollte (laut Mail)

Als ich den angeklickt habe stand im Browser mit dicker schwarzer Schrift aus weissem Hintergrund:

"Bad Request ......" (..... steht für sonst was, was ich nicht mehr so genau weiss )

Dann las ich, dass man die Links niemals anklicken sollte, da evtl. auch Viren auf den PC geladen werden könnten.....

Ich habe davor echt Angst, da meine Eltern viel Onlinebanking abwickeln!


Könntet ihr mir bitte helfen???
Logfiles sind folgende:

OTL.Txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.05.2013 13:57:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\yannick\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,29% Memory free
4,23 Gb Paging File | 3,59 Gb Available in Paging File | 84,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,42 Gb Total Space | 15,16 Gb Free Space | 12,91% Space Free | Partition Type: NTFS
Drive D: | 180,66 Gb Total Space | 159,54 Gb Free Space | 88,31% Space Free | Partition Type: NTFS
Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: YANNICK-PC | User Name: yannick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.13 13:56:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\yannick\Desktop\OTL.exe
PRC - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.08.30 21:13:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.08.30 17:57:35 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.08.30 17:57:34 | 000,864,104 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.08.30 11:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.17 12:24:10 | 000,055,296 | ---- | M] () -- C:\Windows\System32\ASGT.exe
PRC - [2011.12.26 15:46:44 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\Service\RaRegistry.exe
PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008.01.19 00:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 00:33:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 15:42:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.13 20:31:39 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.30 21:13:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.08.30 11:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.01.17 12:24:10 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ASGT.exe -- (ASGT)
SRV - [2011.12.26 15:46:44 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\Service\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Running] -- C:\Windows\system32\drivers\IOMap.sys -- (IOMap)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.08.30 21:13:00 | 010,790,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.07.03 17:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.02.14 08:07:50 | 001,093,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2011.08.18 21:43:50 | 000,028,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\FinalWire\AIDA64 Extreme Edition\kerneld.x32 -- (AIDA64Driver)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2007.05.11 12:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 15:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.19 09:52:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 15:42:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.19 09:52:44 | 000,000,000 | ---D | M]
 
[2013.02.28 15:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yannick\AppData\Roaming\mozilla\Extensions
[2013.05.05 14:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yannick\AppData\Roaming\mozilla\Firefox\Profiles\b4cu94sg.default\extensions
[2013.03.11 09:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 15:42:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.27 08:15:10 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.27 08:15:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.27 08:15:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.27 08:15:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.27 08:15:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.27 08:15:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18CA9058-44ED-4D79-87E7-90E9A8213D8E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DA560FD-1803-42CB-B420-60513461AD32}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{7389a982-7cc2-11e2-8b15-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7389a982-7cc2-11e2-8b15-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.13 13:56:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\yannick\Desktop\OTL.exe
[2013.05.12 09:19:23 | 000,000,000 | ---D | C] -- C:\Users\yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boeing 767-300 Condor NEW
[2013.05.12 09:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boeing 767-300 Condor NEW
[2013.05.01 21:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.05.01 21:02:20 | 000,000,000 | ---D | C] -- C:\Users\yannick\AppData\Roaming\DVDVideoSoft
[2013.05.01 21:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.05.01 21:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.05.01 10:48:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2013.04.30 21:08:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.30 10:35:58 | 000,000,000 | ---D | C] -- C:\Users\yannick\Desktop\sound
[2013.04.26 11:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.04.24 19:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leitstelle Albstadt 2
[2013.04.24 19:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Leitstelle Albstadt 2
[2013.04.20 19:13:10 | 029,528,267 | ---- | C] (Leonard Bienbeck) -- C:\Users\yannick\Desktop\Funkspiel-MS-Client-1.4.1(1).exe
[2013.04.19 16:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2013.04.19 09:55:53 | 000,000,000 | ---D | C] -- C:\Users\yannick\dwhelper
[2013.04.17 17:32:03 | 000,000,000 | ---D | C] -- C:\Users\yannick\AppData\Local\Quadriga Games
[2013.04.17 17:28:58 | 000,000,000 | ---D | C] -- C:\Users\yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Die Polizei
[2013.04.17 16:48:08 | 000,000,000 | ---D | C] -- C:\Users\yannick\Documents\Flight Simulator X-Dateien
[2013.04.16 09:22:18 | 000,000,000 | ---D | C] -- C:\Users\yannick\Desktop\5
[2013.04.15 11:38:33 | 000,000,000 | ---D | C] -- C:\Users\yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alan Starkey
[2013.04.14 17:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Atc Mission AZ296
[2013.04.14 17:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Atc Mission AZ269
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.13 13:56:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\yannick\Desktop\OTL.exe
[2013.05.13 13:55:23 | 000,000,000 | ---- | M] () -- C:\Users\yannick\defogger_reenable
[2013.05.13 13:54:58 | 000,050,477 | ---- | M] () -- C:\Users\yannick\Desktop\Defogger.exe
[2013.05.13 13:29:16 | 000,686,770 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.13 13:29:16 | 000,644,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.13 13:29:16 | 000,150,938 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.13 13:29:16 | 000,123,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.13 13:24:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.13 13:22:41 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 13:22:41 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 13:22:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.13 13:22:29 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.12 21:19:14 | 003,453,210 | ---- | M] () -- C:\Users\yannick\Desktop\Nelly - Hey Porsche.mp3
[2013.05.12 08:56:20 | 003,556,310 | ---- | M] () -- C:\Users\yannick\Desktop\Capital Cities -- Safe And Sound (new video).mp3
[2013.05.12 08:54:46 | 003,556,989 | ---- | M] () -- C:\Users\yannick\Desktop\Glasperlenspiel - nie vergessen lyrics.mp3
[2013.05.08 12:12:37 | 000,153,808 | ---- | M] () -- C:\Users\yannick\Desktop\ringtone_Bio_Klingelton.mp3
[2013.05.08 11:59:12 | 000,616,908 | ---- | M] () -- C:\Users\yannick\Desktop\ton-70.mp3
[2013.05.06 19:10:44 | 000,038,212 | ---- | M] () -- C:\Users\yannick\Desktop\377791_188522607902822_1134674371_n.jpg
[2013.05.01 21:02:26 | 000,001,101 | ---- | M] () -- C:\Users\yannick\Desktop\Free YouTube Download.lnk
[2013.05.01 14:37:56 | 000,017,200 | ---- | M] () -- C:\Users\yannick\Desktop\41HEB1Li4yL.jpg
[2013.04.30 21:08:40 | 189,053,684 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.30 11:58:23 | 000,928,793 | ---- | M] () -- C:\Windows\System32\livdb.lmd
[2013.04.29 14:25:43 | 001,352,499 | ---- | M] () -- C:\Users\yannick\Documents\pp flusi.odp
[2013.04.26 11:46:39 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6500 E710a-f.lnk
[2013.04.26 11:46:38 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2013.04.26 11:46:38 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2013.04.26 11:46:38 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2013.04.24 19:12:37 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\Leitstelle Albstadt 2.lnk
[2013.04.20 19:24:27 | 029,528,267 | ---- | M] (Leonard Bienbeck) -- C:\Users\yannick\Desktop\Funkspiel-MS-Client-1.4.1(1).exe
[2013.04.20 13:31:52 | 003,404,591 | ---- | M] () -- C:\Users\yannick\Desktop\James Arthur - Impossible - Official Single.mp3
[2013.04.17 15:27:34 | 003,653,695 | ---- | M] () -- C:\Users\yannick\Desktop\Gentleman - You Remember (Official Video 2013).mp3
[2013.04.17 11:50:37 | 000,665,356 | ---- | M] () -- C:\Users\yannick\Desktop\airberlin_271776.zip
[2013.04.14 19:47:04 | 000,803,504 | ---- | M] () -- C:\Users\yannick\Desktop\germany516aeb97c957f.sct
 
========== Files Created - No Company Name ==========
 
[2013.05.13 13:55:23 | 000,000,000 | ---- | C] () -- C:\Users\yannick\defogger_reenable
[2013.05.13 13:54:57 | 000,050,477 | ---- | C] () -- C:\Users\yannick\Desktop\Defogger.exe
[2013.05.12 21:16:51 | 003,453,210 | ---- | C] () -- C:\Users\yannick\Desktop\Nelly - Hey Porsche.mp3
[2013.05.12 08:55:03 | 003,556,310 | ---- | C] () -- C:\Users\yannick\Desktop\Capital Cities -- Safe And Sound (new video).mp3
[2013.05.12 08:52:25 | 003,556,989 | ---- | C] () -- C:\Users\yannick\Desktop\Glasperlenspiel - nie vergessen lyrics.mp3
[2013.05.08 12:12:32 | 000,153,808 | ---- | C] () -- C:\Users\yannick\Desktop\ringtone_Bio_Klingelton.mp3
[2013.05.08 11:58:58 | 000,616,908 | ---- | C] () -- C:\Users\yannick\Desktop\ton-70.mp3
[2013.05.06 19:10:43 | 000,038,212 | ---- | C] () -- C:\Users\yannick\Desktop\377791_188522607902822_1134674371_n.jpg
[2013.05.01 21:02:26 | 000,001,101 | ---- | C] () -- C:\Users\yannick\Desktop\Free YouTube Download.lnk
[2013.05.01 14:37:55 | 000,017,200 | ---- | C] () -- C:\Users\yannick\Desktop\41HEB1Li4yL.jpg
[2013.04.30 21:08:25 | 189,053,684 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.29 14:25:40 | 001,352,499 | ---- | C] () -- C:\Users\yannick\Documents\pp flusi.odp
[2013.04.26 11:46:38 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2013.04.26 11:46:38 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2013.04.26 11:46:38 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6500 E710a-f.lnk
[2013.04.26 11:46:38 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2013.04.24 19:12:37 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\Leitstelle Albstadt 2.lnk
[2013.04.20 13:30:18 | 003,404,591 | ---- | C] () -- C:\Users\yannick\Desktop\James Arthur - Impossible - Official Single.mp3
[2013.04.17 15:27:24 | 003,653,695 | ---- | C] () -- C:\Users\yannick\Desktop\Gentleman - You Remember (Official Video 2013).mp3
[2013.04.17 11:50:21 | 000,665,356 | ---- | C] () -- C:\Users\yannick\Desktop\airberlin_271776.zip
[2013.04.14 19:47:19 | 000,803,504 | ---- | C] () -- C:\Users\yannick\Desktop\germany516aeb97c957f.sct
[2013.04.14 17:02:46 | 000,010,246 | ---- | C] () -- C:\Users\yannick\Desktop\Concorde.air
[2013.04.03 17:15:32 | 000,136,841 | ---- | C] () -- C:\Users\yannick\ESt2012_Panse_Nicole.elfo
[2013.03.16 21:53:25 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.05 09:53:02 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013.03.02 20:54:55 | 000,000,080 | ---- | C] () -- C:\Users\yannick\AppData\Local\X-Plane Installer.prf
[2013.02.28 15:16:21 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2013.02.23 18:11:51 | 000,006,656 | ---- | C] () -- C:\Users\yannick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.22 09:46:47 | 000,000,680 | ---- | C] () -- C:\Users\yannick\AppData\Local\d3d9caps.dat
[2012.08.30 11:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.01.17 12:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\System32\ASGT.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008.01.19 00:36:12 | 011,580,416 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008.01.19 00:34:22 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 00:36:50 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.08 10:11:19 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\Audacity
[2013.03.30 11:19:42 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\com.bajasim.atc4real.kfll.desktop
[2013.03.04 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\CPUControl
[2013.05.01 21:02:35 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\DVDVideoSoft
[2013.04.03 15:37:54 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\elsterformular
[2013.03.03 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\flightgear.org
[2013.03.03 19:49:10 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\fltk.org
[2013.04.14 12:35:13 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\FSXToolsInfoTool_v2
[2013.03.31 14:48:12 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\Garmin
[2013.04.10 10:19:51 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\IVAO
[2013.04.08 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\Lockheed Martin
[2013.04.06 17:31:55 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\OpenOffice.org
[2013.03.12 10:44:03 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\Plogue
[2013.03.12 11:06:39 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\PowerISO
[2013.02.22 12:37:08 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\ProtectDISC
[2013.04.05 13:53:36 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\TeamViewer
[2013.02.28 15:54:18 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\TP-LINK
[2013.03.28 17:25:37 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\Tropico 3
[2013.05.12 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\TS3Client
[2013.03.18 18:29:34 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\uTorrent
[2013.04.15 13:45:28 | 000,000,000 | ---D | M] -- C:\Users\yannick\AppData\Roaming\Virtuali
[2013.03.05 14:16:16 | 000,000,000 | -HSD | M] -- C:\Users\yannick\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:74603393

< End of report >
         
--- --- ---





Extras.Txt:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 13.05.2013 13:57:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\yannick\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,29% Memory free
4,23 Gb Paging File | 3,59 Gb Available in Paging File | 84,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,42 Gb Total Space | 15,16 Gb Free Space | 12,91% Space Free | Partition Type: NTFS
Drive D: | 180,66 Gb Total Space | 159,54 Gb Free Space | 88,31% Space Free | Partition Type: NTFS
Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: YANNICK-PC | User Name: yannick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064EC7CC-98C4-49C8-B452-35713BE6905F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{16058E4F-C095-4D0D-87AC-B06CE44CC66D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2C5AD172-D9A6-447E-868D-B8D8AE3F7467}" = lport=138 | protocol=17 | dir=in | app=system | 
"{48B64167-9D51-4E5B-9046-AEB87D5C3089}" = rport=445 | protocol=6 | dir=out | app=system | 
"{95234B62-D433-4484-B62D-4A0BA0562804}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B8BC75BD-1CA3-4FC5-A35D-AB4C86E97571}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D28C36DB-AB65-4945-99B9-339EDD829364}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D2BC2A36-D55F-4F88-AC4B-895834E8CCC1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DCEC451C-CFB7-43B2-BA82-3A3774715020}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E9021E1F-CFED-4429-B6A3-37F98E820E0C}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090BC266-E169-4EC4-84EB-F3C1B8D681F6}" = protocol=6 | dir=in | app=c:\users\yannick\appdata\roaming\utorrent\utorrent.exe | 
"{1884FA5F-F83F-46E6-AF83-490AE24F0E1E}" = protocol=6 | dir=in | app=c:\program files\war thunder\launcher.exe | 
"{24BCB484-1CEA-4282-96CD-3E8F2AD3CB7D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{2725B29A-2C97-452C-981B-6B022C473011}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{3C017BD2-73BD-4A4E-8074-06385D30A267}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{3ECB5D53-710E-481B-8089-8604793AC246}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4451B7C5-9515-4B40-9F51-6FBA145CD900}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57AB8BFC-AA5B-4969-99BE-CD35C8B1DAD4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{5B0F80DB-DB58-4F17-99DA-2A7C502D30C0}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{606621F1-938C-41D1-97D2-47BD315D8F03}" = protocol=17 | dir=in | app=c:\users\yannick\appdata\roaming\utorrent\utorrent.exe | 
"{629E7985-A1A5-4DAA-BA67-84BF70A07307}" = protocol=17 | dir=in | app=d:\war thunder\launcher.exe | 
"{64A55F1A-F7AC-488A-94BF-239D6644B2F3}" = protocol=6 | dir=in | app=d:\war thunder\launcher.exe | 
"{76C4EF0E-EBD0-40FC-AE4A-44947F4C8AD4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{81885F92-3A46-4BCC-B16A-2CE13CCBFC83}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{86FEAE85-D2B2-4A39-BF87-158EE5D2F023}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{89195F8C-3626-4569-84F4-F08455BC985B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{9C4E69E0-7ABF-43F0-9DFA-F596673DCC27}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A22E0013-78A8-4882-AD92-24B4EECDD36D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{BA8B22EA-F39B-4A9F-9BF6-D6C069E11B16}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{CBAF0F60-5672-47DB-8257-D93D102F819A}" = protocol=17 | dir=in | app=c:\program files\war thunder\launcher.exe | 
"{D54EC894-E2EE-485A-BB78-A8A78445140F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{DB7002E0-7468-4494-9EAF-209302E05E69}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E18258BC-15AB-454E-B6EE-224E9C3BB135}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"TCP Query User{692A9B76-EA6F-435D-934F-7EC5A121FD41}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{8DB61659-F230-4ECC-8357-3D9BAE045982}C:\users\yannick\downloads\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\users\yannick\downloads\urbanterror\iourbanterror.exe | 
"TCP Query User{8DC131FA-1EE6-452B-85AC-E4437D3AA54F}D:\war thunder\aces.exe" = protocol=6 | dir=in | app=d:\war thunder\aces.exe | 
"TCP Query User{93FF2B76-2E03-4B9C-9CFE-5EFBD687A49B}C:\program files\advanced control center\acc.exe" = protocol=6 | dir=in | app=c:\program files\advanced control center\acc.exe | 
"TCP Query User{CC1FEDF1-E897-464B-8AA9-738BE053F024}D:\flight simulator x\fsx.exe" = protocol=6 | dir=in | app=d:\flight simulator x\fsx.exe | 
"TCP Query User{EE81BCF1-B480-42EB-B0E4-F35DAC256C1C}C:\program files\csernakgergely\euroscope\euroscope.exe" = protocol=6 | dir=in | app=c:\program files\csernakgergely\euroscope\euroscope.exe | 
"TCP Query User{EEFB6FC7-4D8B-46E5-9798-874FB750330F}C:\program files\hp\common\hpdevicedetection3.exe" = protocol=6 | dir=in | app=c:\program files\hp\common\hpdevicedetection3.exe | 
"UDP Query User{2183B6F7-AF3B-4CE2-B3EA-64AC44256760}D:\war thunder\aces.exe" = protocol=17 | dir=in | app=d:\war thunder\aces.exe | 
"UDP Query User{3424E3B3-CFDA-4C34-9052-1895ED5ED31B}C:\users\yannick\downloads\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\users\yannick\downloads\urbanterror\iourbanterror.exe | 
"UDP Query User{AC7EE3B4-B00A-4EFC-AAD7-2946F0424178}C:\program files\hp\common\hpdevicedetection3.exe" = protocol=17 | dir=in | app=c:\program files\hp\common\hpdevicedetection3.exe | 
"UDP Query User{B10BC56D-8EE7-4738-9996-BCB2827ED397}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{BFDB10A8-7364-4ED2-82AC-FAC5E37ACAE9}C:\program files\advanced control center\acc.exe" = protocol=17 | dir=in | app=c:\program files\advanced control center\acc.exe | 
"UDP Query User{D2744E1E-1C64-4058-A475-5D506B4A41DF}C:\program files\csernakgergely\euroscope\euroscope.exe" = protocol=17 | dir=in | app=c:\program files\csernakgergely\euroscope\euroscope.exe | 
"UDP Query User{D7A12F82-52FC-45FC-89C1-9F537CF1833F}D:\flight simulator x\fsx.exe" = protocol=17 | dir=in | app=d:\flight simulator x\fsx.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0B0ADD81-270D-44C7-8AA9-882A42F2EC22}_is1" = ABC-Schutz-Simulator Version 1.0
"{15DF4EE8-DE41-453A-800A-5814A5CDF003}" = Garmin VoiceStudio v2.40
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B60A7A4-49F6-4D2A-8AE7-BCBAFA6224CE}" = Simulationsprogramm Integrierte Leitstelle V4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{67C82957-EDA8-43C2-8BBC-5BF17DC8201B}" = London Control Demo
"{67F30877-CBBB-425C-9511-93181EFB8F08}_is1" = Airport Simulator 2013 Demo Version 1.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D04ADF-C1E8-4BF6-901B-D1DE3414DE60}_is1" = Leitstelle Albstadt 2 Version 2.1
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{879F7C80-BCA3-4A11-BDB1-658252ECD7E0}" = HP Product Detection
"{8D8E696E-916E-49CE-B2EE-C2346A6FE949}" = Harry Potter und die Heiligtümer des Todes(TM) - Teil 2 Demo
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{93878DDD-E621-4AFF-8203-2658451A3636}" = EuroScope 3.1d
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D7EF9D6-212E-3C87-AB96-ED9F2A6C3218}" = Microsoft .NET Framework 4.5 DEU Language Pack
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{9FB088BB-47DC-452C-BE8E-036E2243B4C8}" = City Bus Simulator 2010 - Gold Edition
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5778FF8-CCE7-4C57-A8CE-C87D3E42D748}" = Citybus Simulator Munich Demo
"{B7BE84B4-684D-6A37-FC7E-C559DD277BEA}" = ATC4Real Fort Lauderdale
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E796AA87-FE52-49A8-AD93-0236A9F87632}" = TP-LINK TL-WN727N Driver
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EB74294F-B8FC-4387-BEBF-275E36C6076C}" = FS Recorder 2.1  for FSX
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.199
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2CA85EF-D86E-4F4C-99E7-8ED7AA18E7B8}" = SWAT 4 Single Player Demo
"{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{FFC78FC9-2FE6-4648-BFEB-446C61C2D61E}" = FSacars
"3D-Fahrschule Demo" = 3D-Fahrschule Demo
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"AbiWord2" = AbiWord 2.4.6 (remove only)
"Acoustica MP3 To Wave Converter PLUS" = Acoustica MP3 To Wave Converter PLUS
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Control Center_is1" = Advanced Control Center 2.0
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.85
"ArtMoney SE_is1" = ArtMoney SE v7.40.5
"Audacity_is1" = Audacity 2.0.3
"Boeing 767-300 Condor NEW" = Boeing 767-300 Condor NEW
"BS2012StudioFahrplaneditor_is1" = BS2012 Studio Fahrplaneditor
"Bus- & Cable Car-Simulator_is1" = Bus- & Cable Car-Simulator
"Bus-Simulator 2009_is1" = Bus-Simulator 2009
"Bus-Simulator 2012_is1" = Bus-Simulator 2012
"com.bajasim.atc4real.kfll.desktop" = ATC4Real Fort Lauderdale
"CPU-Control_is1" = CPU-Control
"Die Polizei" = Die Polizei
"ElsterFormular" = ElsterFormular
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.426
"GoldWave v5.68" = GoldWave v5.68
"GTA IV - 100% Savegame File (Vista) 1.0" = GTA IV - 100% Savegame File (Vista) 1.0
"InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{F2CA85EF-D86E-4F4C-99E7-8ED7AA18E7B8}" = SWAT 4 Single Player Demo
"IvAc_is1" = IvAc v1.2.4 (b225)
"IvAp-v2_is1" = IvAp v2.0.2 (build 2773)
"Loksim3D_is1" = Loksim3D
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Passenger Simulation" = Passenger Simulation 1.0
"Police" = Police
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Real Atc Mission AZ269" = Real Atc Mission AZ269
"Real Atc Mission AZ296" = Real Atc Mission AZ296
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SpaceShuttleMission2007 DEMO_is1" = SpaceShuttleMission2007 DEMO v1.31
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"Tropico3" = Tropico 3 1.00
"uTorrent" = µTorrent
"vasFMC_is1" = vasFMC 2.1
"vBus" = vBus
"VirtualBus_is1" = VirtualBus A6C RC3.1
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"05738b33edbcf8ca" = FFMVATracker
"American Samoa Rescue" = American Samoa Rescue
"vBus" = vBus
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.05.2013 05:05:56 | Computer Name = yannick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe,
 fehlerhaftes Modul GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe, Ausnahmecode
 0xc0000005, Fehleroffset 0x005c6687,  Prozess-ID 0x568, Anwendungsstartzeit 01ce48a4ae17ce59.
 
Error - 06.05.2013 07:36:30 | Computer Name = yannick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe,
 fehlerhaftes Modul ELS.asi, Version 0.0.0.0, Zeitstempel 0x4c8c48b9, Ausnahmecode
 0xc0000005, Fehleroffset 0x00009f54,  Prozess-ID 0x708, Anwendungsstartzeit 01ce4a47c3f9abbc.
 
Error - 07.05.2013 11:21:14 | Computer Name = yannick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe,
 fehlerhaftes Modul GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe, Ausnahmecode
 0xc0000005, Fehleroffset 0x001a9346,  Prozess-ID 0x824, Anwendungsstartzeit 01ce4b31115d9f8a.
 
Error - 07.05.2013 11:23:24 | Computer Name = yannick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe,
 fehlerhaftes Modul GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe, Ausnahmecode
 0xc0000005, Fehleroffset 0x001a9346,  Prozess-ID 0x1350, Anwendungsstartzeit 01ce4b3697d22847.
 
Error - 08.05.2013 04:59:23 | Computer Name = yannick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe,
 fehlerhaftes Modul GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe, Ausnahmecode
 0xc0000005, Fehleroffset 0x005c6687,  Prozess-ID 0xfcc, Anwendungsstartzeit 01ce4bc74655c8d8.
 
Error - 08.05.2013 06:52:23 | Computer Name = yannick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6001.7008, Zeitstempel
 0x4aa91960, fehlerhaftes Modul wmp.dll, Version 11.0.6001.7008, Zeitstempel 0x4aa938dc,
 Ausnahmecode 0xc0000005, Fehleroffset 0x003a6e9c,  Prozess-ID 0x698, Anwendungsstartzeit
 01ce4bd96a94412f.
 
Error - 09.05.2013 05:23:08 | Computer Name = yannick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe,
 fehlerhaftes Modul ELS.asi, Version 0.0.0.0, Zeitstempel 0x4c8c48b9, Ausnahmecode
 0xc0000005, Fehleroffset 0x00009f54,  Prozess-ID 0x96c, Anwendungsstartzeit 01ce4c923db9ea83.
 
Error - 10.05.2013 10:18:59 | Computer Name = yannick-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe,
 fehlerhaftes Modul GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe, Ausnahmecode
 0xc0000005, Fehleroffset 0x001a9346,  Prozess-ID 0x98c, Anwendungsstartzeit 01ce4d875496c316.
 
Error - 10.05.2013 10:19:36 | Computer Name = yannick-PC | Source = Application Error | ID = 1000
Error - 10.05.2013 10:19:37 | Computer Name = yannick-PC | Source = .NET Runtime
 | ID = 1026
 
Description = 
Error - 11.05.2013 04:25:29 | Computer Name = yannick-PC | Source = Application 
Error | ID = 1000
 
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe, fehlerhaftes Modul ELS.asi, Version 0.0.0.0, Zeitstempel 0x4c8c48b9, Ausnahmecode 0xc0000005, Fehleroffset 0x00009f54,
Prozess-ID 0xd78, Anwendungsstartzeit 01ce4e1e3ebbd224.
Error - 11.05.2013 12:33:32 | Computer Name = yannick-PC | Source = Application 
Error | ID = 1000
 
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe, fehlerhaftes Modul GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe, Ausnahmecode 0xc0000005, Fehleroffset 0x001a9346,
Prozess-ID 0xfb4, Anwendungsstartzeit 01ce4e6124393b8b.
 
Error encountered while reading event logs.
 
< End of report >
         
--- --- ---





Lg
Yannick

Geändert von yannin (13.05.2013 um 13:29 Uhr)

Alt 13.05.2013, 15:13   #2
t'john
/// Helfer-Team
 
Phishing Mail von WoW Link angeklickt! - Standard

Phishing Mail von WoW Link angeklickt!





alles unauffaellig

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers



dann:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________

__________________

Alt 14.05.2013, 08:04   #3
yannin
 
Phishing Mail von WoW Link angeklickt! - Standard

Phishing Mail von WoW Link angeklickt!



Hey,

den mbar habe ich ausgeführt, jedoch geht er immer wieder selbständig nach dem Scan aus und findet nichts!

Hier der Log:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.13.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
yannick :: YANNICK-PC [administrator]

13.05.2013 19:16:19
mbar-log-2013-05-13 (19-16-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28817
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)






Security Check (checkup):



Results of screen317's Security Check version 0.99.63
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````






LG

Yannick
__________________

Alt 14.05.2013, 11:13   #4
t'john
/// Helfer-Team
 
Phishing Mail von WoW Link angeklickt! - Standard

Phishing Mail von WoW Link angeklickt!



Alles Windows Updates einspielen, inkl. Service Pack und Internet Explorer!
http://windowsupdate.microsoft.com


Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die .exe-Datei
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 21 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 07.07.2013, 11:05   #5
t'john
/// Helfer-Team
 
Phishing Mail von WoW Link angeklickt! - Standard

Phishing Mail von WoW Link angeklickt!



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Phishing Mail von WoW Link angeklickt!
account, angeblich, bat, battle.net, brauch, browser, daten, deutsch, ebanking, grand theft auto, heute, hintergrund, install.exe, klicke, klicken, link, link angeklickt, links, logfiles, mail, nicht mehr, niemals, officejet, onlinebanking, panik, phishing, phishing mail, plug-in, rechtliche, seite, verkaufen, viren, wow account




Ähnliche Themen: Phishing Mail von WoW Link angeklickt!


  1. Phishing SMS iPhone Link angeklickt
    Alles rund um Mac OSX & Linux - 04.11.2015 (1)
  2. Phishing SMS iPhone Link angeklickt
    Smartphone, Tablet & Handy Security - 04.11.2015 (6)
  3. DHL Phishing Mail - Link angeklickt - ZIP-Datei NICHT geöffnet / gelöscht
    Plagegeister aller Art und deren Bekämpfung - 11.05.2015 (8)
  4. Phishing Mail DHL Link angeklickt
    Log-Analyse und Auswertung - 26.03.2015 (13)
  5. DHL Phishing Mail Link angeklickt
    Plagegeister aller Art und deren Bekämpfung - 15.03.2015 (7)
  6. DHL Fake Email - Phishing Link leider angeklickt
    Plagegeister aller Art und deren Bekämpfung - 28.02.2015 (8)
  7. Amazon Phishing Link angeklickt...
    Plagegeister aller Art und deren Bekämpfung - 08.02.2015 (6)
  8. Phishing-Mail-Link angeklickt (Paypal-Phishing-Mail)
    Plagegeister aller Art und deren Bekämpfung - 29.11.2014 (9)
  9. Amazon Phishing Mail Link angeklickt
    Plagegeister aller Art und deren Bekämpfung - 24.06.2014 (11)
  10. Phishing Link angeklickt TNT Delivery (Logfile)
    Log-Analyse und Auswertung - 14.03.2014 (5)
  11. Phishing Link angeklickt TNT Delivery
    Smartphone, Tablet & Handy Security - 13.03.2014 (6)
  12. Windows 7: Amazon Phishing-Mail Link angeklickt
    Log-Analyse und Auswertung - 16.02.2014 (11)
  13. Win7: Link in Phishing Mail zur Abmeldung von Newsletter angeklickt
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (14)
  14. Phishing-Link von Paypal angeklickt
    Plagegeister aller Art und deren Bekämpfung - 07.10.2013 (11)
  15. Link in Phishing-Mail angeklickt: Malware eingefangen?
    Log-Analyse und Auswertung - 21.05.2013 (5)
  16. Link in Mastercard Phishing mail angeklickt -Virus o. Ä. ?
    Plagegeister aller Art und deren Bekämpfung - 10.05.2013 (20)
  17. In Phishing-Mail den Link angeklickt :( Panik
    Plagegeister aller Art und deren Bekämpfung - 19.02.2013 (34)

Zum Thema Phishing Mail von WoW Link angeklickt! - Hallo, ich habe heute eine Mail bekommen, die angeblich von Battle.net kam (in gebrochenem Deutsch!) In dieser stand, dass ich versuchen würde, meinen WoW Account zu verkaufen (ich weiss garnicht - Phishing Mail von WoW Link angeklickt!...
Archiv
Du betrachtest: Phishing Mail von WoW Link angeklickt! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.