Home > Hijackthis Log > Hijackthis Log - WoW Account Hacked

Hijackthis Log - WoW Account Hacked

REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-07-24 07:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" I would open a ticket and notify blizzard that you have been compromised in that case so that they don't nail you for someone else's bullshit. 5. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Thank you in advance! Rtwist 60 Night Elf Rogue 720 35 posts Rtwist Ignored Apr 22, 2012 Copy URL View Post You are correct, my Java version was out of date, but flash was not.

Close any open browsers and any other programs you might have running Double click on combofix.exe & follow the prompts.If you are using windows XP It might display a pop up At this point we are novices ourselves, even though much of the basics of malware apply for smartphones as they do for PCs. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Only one of them will run on your system, that will be the right version. http://us.battle.net/forums/en/wow/topic/4662716609

Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. We need to see the zip file before we can carry on with the fix If there is no pop up alert or open browser then please go to http://www.thespykiller.co.uk/index.php?board=1.0 and

Rollback Post to Revision RollBack #8 May 31, 2012 Necormayhem Necormayhem View User Profile View Posts Send Message Faithful Join Date: 9/10/2011 Posts: 28 Member Details Oh and I've got an Posts Quoted: Reply Clear All Quotes Home Forums Diablo III General Forums Diablo III General Discussion Technical Support Server glitch or hacked account? Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 Interests:Golf, Pool (Snooker), Enjoying retirement.

This applies only to the original topic starter. They are pretty much necessary these days. 6. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. This applies only to the original topic starter.

I don't know how I was compromised, just that my system is for sure 100% clean after using a myriad of scanning programs. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it. save it to your Desktop. uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Uno Jakobsson.UNO\Application Data\Mozilla\Firefox\Profiles\zifv6tlq.default\ FF - prefs.js: keyword.URL - hxxp://se.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_se&p= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

IMPORTANT: Please DO NOT install/uninstall any programs unless asked to. click to read more NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! But could java being outdated alone be the culprit? Hijackthis log, WoW account hacked Discussion in 'Virus & Other Malware Removal' started by uberbruno, Oct 5, 2009.

Thanks in advance.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:22:09 AM, on 4/22/2012Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v9.00 (9.00.8112.16421)Boot mode: NormalRunning processes:C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exeC:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exeC:\Program Files The hackers definitely have a list somehow of who's been playing Diablo 3, since I never logged into an multiplayer game once. IE 11 copy/paste problem It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. Advertisement uberbruno Thread Starter Joined: Oct 5, 2009 Messages: 9 Hello, I recently got my WoW-account hacked, I think it's most likely a keylogger or a trojan.

Either a dongle or a phone app. Immediately go to cnet.com (They are a safe and legit computing site) 8. I kind of just gave up after changing my password and generally need to quit anyway. http://magicnewspaper.com/hijackthis-log/hijackthis-log-computer-hacked.html The hackers definitely have a list somehow of who's been playing Diablo 3, since I never logged into an multiplayer game once.

c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\scardsvr.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Razer\DeathAdder\razerofa.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe c:\program files\Logitech\GamePanel uberbruno, Oct 5, 2009 #1 Sponsor uberbruno Thread Starter Joined: Oct 5, 2009 Messages: 9 bump uberbruno, Oct 6, 2009 #2 dvk01 Derek Moderator Malware Specialist Joined: Dec 14, Remove all that if it's there.

No system is perfect, of course, but I have yet to see any proof or even any evidence that would point to Blizzard at all here.

Rollback Post to Revision RollBack #9 May 31, 2012 Kibster Kibster View User Profile View Posts Send Message Zakarumite Join Date: 2/17/2012 Posts: 1 Member Details I never bothered with an Check and secure all your online accounts especially financial ones. 7. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged Register now!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Rollback Post to Revision RollBack #10 Jun 1, 2012 Grafton Grafton View User Profile View Posts Send Message Zakarumite Location: Roanoke Join Date: 5/29/2012 Posts: 4 Member Details Was it the If yours is not listed and you don't know how to disable it, please ask. Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exeO23 - Service: avast!

If you have expertise in working with smartphones, we urge you to contact an administrator about the possibility of becoming part of the staff after we review your credentials. Back to top BC AdBot (Login to Remove) BleepingComputer.com Register to remove ads #2 venomous35 venomous35 Topic Starter Members 2 posts OFFLINE Local time:05:43 PM Posted 07 April 2008 By default it will install to C:\Program Files\Trend Micro\HijackThis . Go to battlenet and change to a new password and switch your account to your new email. 3.

Log In Return to Forum quote blizzardlogo netEaselogo Thanks for visiting the Blizzard Forums (2.14.0) ยท Patch Notes Support Feedback Americas - English (US) Region Americas Europe Asia China Language English