Trojaner-Board


Smoky86 12.05.2010 02:40

E-mail + WoW account gone. Keylogger?
 
Hi everyone,
Last Friday I could no longer get into my e-mail account or into WoW (wrong password, blah blah). Everything in the e-mail account had been changed and the WoW account had been cleaned out, but I have everything back now. I changed all my passwords (from a different computer) and today ran several antivirus programs on mine (Avira, Bullguard, Spybot, Ad-Aware). One program found something, but that is a file I installed myself months ago.
Now I have come across your forum and hope you can help me. I ran CCleaner, then Malwarebytes and then OTL.
Here are the logs (Malwarebytes):
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4091

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12.05.2010 03:27:08
mbam-log-2010-05-12 (03-27-08).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 118696
Laufzeit: 11 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


That much I still understand :)

Now OTL:
OTL logfile created on: 12.05.2010 03:15:49 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\XXX\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 46,00% Memory free
12,00 Gb Paging File | 9,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1377,26 Gb Total Space | 1055,86 Gb Free Space | 76,66% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 7,61 Gb Free Space | 38,04% Space Free | Partition Type: FAT32
Drive E: | 617,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3,72 Gb Total Space | 0,31 Gb Free Space | 8,38% Space Free | Partition Type: FAT32

Computer Name: XXX
Current User Name: XXX
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\program files (x86)\avira\antivir desktop\avscan.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\SysWOW64\PSIService.exe ()
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (BgLiveSvc) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SRV:64bit: - (BgRaSvc) -- C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe (BullGuard Ltd.)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (BgMainSvc) -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (BsMailProxy) -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy.dll (BullGuard Ltd.)
SRV - (BsFileScan) -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys ()
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys ()
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (BdFileSpy) -- C:\Windows\SysNative\drivers\BdFileSpy.sys ()
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.01 19:24:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.04 05:54:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.04 05:54:14 | 000,000,000 | ---D | M]

[2009.12.23 13:14:45 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2010.05.11 22:46:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\omtslcum.default\extensions
[2009.12.24 16:58:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stefanie\AppData\Roaming\mozilla\Firefox\Profiles\omtslcum.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.11 22:46:49 | 000,000,944 | ---- | M] () -- C:\Users\Stefanie\AppData\Roaming\Mozilla\FireFox\Profiles\omtslcum.default\searchplugins\icqplugin.xml
[2009.12.23 13:29:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.12.23 13:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.18 09:20:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.18 09:20:26 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.18 09:20:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.18 09:20:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.18 09:20:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.)
O4:64bit: - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Stefanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\bglsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\bglsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\bglsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\bglsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\bglsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\bglsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\bglsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\bglsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\bglsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\bglsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysNative\bglsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\bglsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\bglsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\bglsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\bglsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\bglsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\bglsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\bglsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\bglsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\bglsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\bglsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\bglsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\SysNative\oobe\info\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\SysNative\oobe\info\wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.12.19 11:36:22 | 000,000,027 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f0a0649b-ef10-11de-909d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f0a0649b-ef10-11de-909d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2003.12.19 11:36:17 | 000,225,280 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.12 02:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.05.12 01:45:47 | 000,000,000 | ---D | C] -- C:\Users\Stefanie\AppData\Roaming\Malwarebytes
[2010.05.12 01:45:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.05.12 01:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.12 01:45:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.05.12 01:28:40 | 000,000,000 | ---D | C] -- C:\avrescue
[2010.05.12 01:08:18 | 000,000,000 | ---D | C] -- C:\Users\Stefanie\AppData\Roaming\Avira
[2010.05.12 00:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.05.11 23:35:46 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.05.11 23:35:46 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.05.11 23:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.05.11 23:35:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.05.11 22:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.05.11 22:41:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.05.11 22:17:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.05.11 22:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.05.11 22:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.05.11 22:13:16 | 000,000,000 | ---D | C] -- C:\Users\Stefanie\Pavark
[2010.05.11 22:13:15 | 000,000,000 | ---D | C] -- C:\Users\Stefanie\Documents\antivir_rootkit
[2010.05.11 22:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.11 22:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.05.11 22:02:30 | 000,000,000 | ---D | C] -- C:\Users\Stefanie\Documents\Simply Super Software
[2010.05.11 22:01:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2010.05.11 22:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2010.05.11 22:01:21 | 000,000,000 | ---D | C] -- C:\Users\Stefanie\AppData\Roaming\Simply Super Software
[2010.05.11 22:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.05.11 21:58:00 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Users\Stefanie\Documents\Ad-AwareInstaller.exe
[2010.05.11 21:57:30 | 009,399,608 | ---- | C] (Simply Super Software ) -- C:\Users\Stefanie\Documents\trjsetup681.exe
[2010.05.11 21:57:10 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Stefanie\Documents\spybotsd162.exe
[2010.05.01 12:40:56 | 000,000,000 | ---D | C] -- C:\Users\Stefanie\Desktop\Rawr v2.3.15
[2010.04.30 18:14:43 | 000,000,000 | ---D | C] -- C:\Users\Stefanie\AppData\Roaming\MechSoft
[2010.04.18 15:41:02 | 000,000,000 | ---D | C] -- C:\Users\Stefanie\Application Data
[2010.04.18 15:30:59 | 000,000,000 | R-SD | C] -- C:\Users\Stefanie\Documents\My Stationery
[2010.04.14 12:05:43 | 000,000,000 | ---D | C] -- C:\WTF
[2010.04.14 11:29:34 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.04.14 11:29:15 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010.04.14 11:23:55 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.04.14 11:17:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll

========== Files - Modified Within 30 Days ==========

[2010.05.12 03:23:47 | 006,815,744 | -HS- | M] () -- C:\Users\Stefanie\NTUSER.DAT
[2010.05.12 02:55:26 | 000,001,728 | ---- | M] () -- C:\Users\Stefanie\Desktop\CCleaner.lnk
[2010.05.12 02:55:16 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 02:55:16 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.12 01:45:34 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.12 01:13:49 | 000,002,565 | ---- | M] () -- C:\Users\Stefanie\Desktop\HiJackThis.lnk
[2010.05.11 23:36:48 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.11 22:40:50 | 000,095,024 | ---- | M] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.05.11 22:17:35 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.05.11 22:13:09 | 001,020,640 | ---- | M] () -- C:\Users\Stefanie\Desktop\panda_antirootkit.exe
[2010.05.11 22:05:38 | 000,001,101 | ---- | M] () -- C:\Users\Stefanie\Desktop\Spybot - Search & Destroy.lnk
[2010.05.11 22:02:05 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010.05.11 21:59:12 | 000,628,672 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.11 21:59:12 | 000,595,748 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.11 21:59:12 | 000,127,400 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.11 21:59:12 | 000,105,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.11 21:59:08 | 001,447,804 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.11 21:55:54 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DB864158-F2EF-4C0D-A671-393E5140F984}.job
[2010.05.11 21:54:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.11 21:54:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.09 21:29:50 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Users\Stefanie\Documents\Ad-AwareInstaller.exe
[2010.05.09 21:26:44 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Stefanie\Documents\spybotsd162.exe
[2010.05.09 21:25:16 | 000,065,893 | ---- | M] () -- C:\Users\Stefanie\Documents\antivir_rootkit.zip
[2010.05.09 21:21:30 | 000,256,832 | ---- | M] () -- C:\Users\Stefanie\Documents\SoftonicDownloader63221.exe
[2010.05.09 21:19:48 | 009,399,608 | ---- | M] (Simply Super Software ) -- C:\Users\Stefanie\Documents\trjsetup681.exe
[2010.05.09 21:17:48 | 007,538,176 | ---- | M] () -- C:\Users\Stefanie\Documents\spf.exe
[2010.05.07 11:36:50 | 000,524,288 | -HS- | M] () -- C:\Users\Stefanie\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.05.07 11:36:50 | 000,065,536 | -HS- | M] () -- C:\Users\Stefanie\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.05.07 11:36:39 | 002,715,302 | -H-- | M] () -- C:\Users\Stefanie\AppData\Local\IconCache.db
[2010.05.06 13:08:34 | 000,085,328 | ---- | M] () -- C:\Windows\SysNative\BGLsp.dll
[2010.05.06 13:08:33 | 000,087,376 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2010.05.05 09:02:08 | 000,348,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.05 01:37:20 | 000,008,401 | ---- | M] () -- C:\Users\Stefanie\Documents\hjgj.xml
[2010.05.02 04:11:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.23 08:41:59 | 000,009,335 | ---- | M] () -- C:\Users\Stefanie\Documents\isory_holy.xml
[2010.04.23 01:24:56 | 000,415,400 | ---- | M] () -- C:\Users\Stefanie\Documents\isory_diszi_liste.xml
[2010.04.23 00:32:12 | 000,007,911 | ---- | M] () -- C:\Users\Stefanie\Documents\firi_tank.xml
[2010.04.23 00:15:56 | 000,024,581 | ---- | M] () -- C:\Users\Stefanie\Documents\firi_heal.xml
[2010.04.21 23:16:30 | 000,028,672 | ---- | M] () -- C:\Users\Stefanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.20 13:55:16 | 000,622,213 | ---- | M] () -- C:\Users\Stefanie\Documents\isory_diszi.xml
[2010.04.20 11:17:39 | 000,010,007 | ---- | M] () -- C:\Users\Stefanie\Documents\priest.xlsx

========== Files Created - No Company Name ==========

[2010.05.12 02:55:26 | 000,001,728 | ---- | C] () -- C:\Users\Stefanie\Desktop\CCleaner.lnk
[2010.05.12 01:45:34 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.12 01:45:27 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.11 23:36:48 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.11 23:35:46 | 000,116,568 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.05.11 23:35:46 | 000,081,072 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.05.11 23:31:43 | 000,406,978 | ---- | C] () -- C:\Users\Stefanie\AppData\Local\dd_vcredistMSI1CFF.txt
[2010.05.11 23:31:40 | 000,014,994 | ---- | C] () -- C:\Users\Stefanie\AppData\Local\dd_vcredistUI1CFF.txt
[2010.05.11 22:58:31 | 000,002,565 | ---- | C] () -- C:\Users\Stefanie\Desktop\HiJackThis.lnk
[2010.05.11 22:41:11 | 000,069,152 | ---- | C] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.05.11 22:41:02 | 000,095,024 | ---- | C] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.05.11 22:17:35 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.05.11 22:12:32 | 001,020,640 | ---- | C] () -- C:\Users\Stefanie\Desktop\panda_antirootkit.exe
[2010.05.11 22:05:38 | 000,001,101 | ---- | C] () -- C:\Users\Stefanie\Desktop\Spybot - Search & Destroy.lnk
[2010.05.11 22:02:26 | 000,002,105 | ---- | C] () -- C:\Users\Stefanie\Documents\EA Download Manager.lnk
[2010.05.11 22:02:05 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010.05.11 22:01:59 | 001,441,503 | ---- | C] () -- C:\Users\Stefanie\Documents\wrar391d.exe
[2010.05.11 22:01:55 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010.05.11 22:01:55 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010.05.11 22:01:55 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2010.05.11 22:01:54 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2010.05.11 21:58:09 | 007,538,176 | ---- | C] () -- C:\Users\Stefanie\Documents\spf.exe
[2010.05.11 21:58:05 | 000,256,832 | ---- | C] () -- C:\Users\Stefanie\Documents\SoftonicDownloader63221.exe
[2010.05.11 21:58:05 | 000,065,893 | ---- | C] () -- C:\Users\Stefanie\Documents\antivir_rootkit.zip
[2010.05.05 01:37:15 | 000,008,401 | ---- | C] () -- C:\Users\Stefanie\Documents\hjgj.xml
[2010.04.23 01:24:54 | 000,415,400 | ---- | C] () -- C:\Users\Stefanie\Documents\isory_diszi_liste.xml
[2010.04.20 13:55:16 | 000,622,213 | ---- | C] () -- C:\Users\Stefanie\Documents\isory_diszi.xml
[2010.04.20 11:17:39 | 000,010,007 | ---- | C] () -- C:\Users\Stefanie\Documents\priest.xlsx
[2010.04.18 03:00:40 | 000,294,912 | ---- | C] () -- C:\Windows\SysNative\browserchoice.exe
[2010.04.17 21:40:33 | 000,009,335 | ---- | C] () -- C:\Users\Stefanie\Documents\isory_holy.xml
[2010.04.14 11:33:59 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010.04.14 11:33:59 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010.04.14 11:33:58 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010.04.14 11:29:35 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010.04.14 11:29:15 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010.04.14 11:29:02 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.04.14 11:28:53 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys
[2010.04.14 11:28:52 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll
[2010.04.14 11:28:11 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010.04.14 11:23:55 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010.04.14 11:17:02 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010.03.23 22:01:25 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009.12.30 01:00:18 | 001,475,582 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
< End of report >


So do I have a keylogger or something else on my computer now? I'd just like to know whether I have to wipe the machine right away :)
I just saw that someone tried again to reset my e-mail password (on 11.05.2010 at 5:30 = I was still fast asleep).

Thanks in advance for any replies.

cosinus 12.05.2010 08:20

I have a few questions:

1.) Have you already contacted Blizzard support?
2.) How simple or complex was your password, how many characters, which character set?
3.) Did you use the same password for your mail account or for anything else?
4.) Did you log in to WoW on another computer (which may have been infected!)?

Quote:

One program found something, but that's a file that I installed months ago.
Which file exactly?

Smoky86 12.05.2010 08:58

Quote:

Quote from cosinus (post 525023)
I have a few questions:

1.) Have you already contacted Blizzard support?
2.) How simple or complex was your password, how many characters, which character set?
3.) Did you use the same password for your mail account or for anything else?
4.) Did you log in to WoW on another computer (which may have been infected!)?

Which file exactly?

Re 1: yes, everything was restored, that's no longer a problem. I also got the programs that are recommended on the Battle.net site...
2)3) The WoW password was 8 characters (letters and digits) and the e-mail one 6 characters. Though I have to admit I'm bad at remembering that sort of thing, hence similar passwords for both (I've learned my lesson, now different ones and writing them down :) )
4) I also log in to WoW at my boyfriend's now and then, but he also has Avira installed and doesn't do much on the computer himself. The problem only appeared on Friday around 13:00. Until 12 I was still in WoW and e-mail myself, and all week I was on the computer from home.

The file was some AngelBot for WoW that I wanted to try out once, but I've now deleted the files it showed me and checked that everything is off the computer. On the next scan it didn't show me anything any more. But I've had that program on the computer for over a year.


All times are WET +1.
