|
Plagegeister aller Art und deren Bekämpfung: h**p://supertalent-hp-seite-nu2010.tk/ Hacker? Was ist das?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.11.2010, 11:29 | #1 |
| h**p://supertalent-hp-seite-nu2010.tk/ Hacker? Was ist das? h**p://supertalent-hp-seite-nu2010.tk/ Was ist das für eine Seite? In einer Beschreibung eines Youtube-Videos war der Link enthalten. Ich habe ausversehen draufgeklickt und bin auf die Seite gekommen. Da steht irgendwie meine IP und dass mein PC gehackt wurde. Ist das nur ein Fake? Was kann ich machen? Maßnahmen, die ich bisher getroffen haben waren: Im abgesicherten Modus "Search&Destroy, Kaspersky, HiJackThis und WinPatrol" laufen zu lassen. Ich poste auch noch mal den HiJackThis. Ich hoffe jemand kann mir schnell weiterhelfen. (Link in sicherer Umgebung öffnen?) Es wäre ja eine Sauerei, wenn sowas öfter in Youtube-Videobeschreibungen vorkommt. HiJackThis-Log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:30:47, on 09.04.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\*****\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\System32\mobsync.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conime.exe C:\Program Files\ICQ6.5\ICQ.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Program Files\Microsoft Office\OFFICE11\MSTORDB.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\*****\Desktop\Downloads\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Michel.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Mediaplayer - {1536BA74-8625-4240-99B0-BE65883689C8} - C:\PROGRA~1\MEDIAP~1\MEDIAP~1\IEBUTT~1.DLL O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: SETRES.EXE O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c98a21b544ab20) (gupdate1c98a21b544ab20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe End of file - 11933 bytes |
28.11.2010, 11:37 | #2 |
/// Malware-holic | h**p://supertalent-hp-seite-nu2010.tk/ Hacker? Was ist das? das ist nichts schlimmes.
__________________aber dein system sollten wir uns trotzdem ansehen, warum zb hast du kein sp2? ich würde dir also, falls erwünscht, helfen das system besser abzusichern
__________________ |
28.11.2010, 12:17 | #3 | |
| h**p://supertalent-hp-seite-nu2010.tk/ Hacker? Was ist das?Zitat:
danke schon mal für die Beruhigung! Ich habe eigentlich das SP2 und alles ist auf dem neusten Stand. Warum es nicht angezeigt wird kann ich nicht sagen. Es ist rätselhaft. Wie kann man das System noch besser absichern? Sollte ich noch irgendwas machen? Was hat es dann mit dem Link auf sich? Automatisch wird da doch nichts gedownloadet oder so? Soll ich Cookies und Cache von Firefox löschen? Temporäre Dateien und co habe ich auch schon komplett gelöscht. An sonsten denke ich mal, dass Kaspersky Internet Security 2011 einen ganz guten Job erledigt. |
28.11.2010, 12:30 | #4 |
/// Malware-holic | h**p://supertalent-hp-seite-nu2010.tk/ Hacker? Was ist das? gut das du mich erinnert hast, jetzt habe ich gesehen warum .. rechtsklick auf hijackthis, als admin ausführen, scanne noch mal. auf der seite wird nichts gedownloaded etc. den chache kannst ja mal leeren. lade den CCleaner slim: Piriform - Builds falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
28.11.2010, 13:00 | #5 | |
| h**p://supertalent-hp-seite-nu2010.tk/ Hacker? Was ist das?Zitat:
Code:
ATTFilter µTorrent (notwendig) Acer Arcade Deluxe (notwendig) Acer Crystal Eye Webcam (notwendig) Acer eAudio Management (notwendig) Acer eDataSecurity Management (notwendig) Acer eLock Management (notwendig) Acer Empowering Technology (notwendig) Acer eNet Management (notwendig) Acer ePower Management (notwendig) Acer ePresentation Management (notwendig) Acer eSettings Management (notwendig) Acer GameZone Console 2.0.1.1 (notwendig) Acer GridVista (notwendig) Acer Mobility Center Plug-In (notwendig) Acer ScreenSaver (notwendig) Activation Assistant for the 2007 Microsoft Office suites Adobe AIR (notwendig) Adobe ExtendScript Toolkit 2 (notwendig) Adobe Flash Player 10 Plugin (notwendig) Adobe Flash Player ActiveX (notwendig) Adobe Media Player (notwendig) Adobe Photoshop CS3 (notwendig) Adobe Reader 9.1 - Deutsch (notwendig) Adobe Shockwave Player 11.5 (notwendig) Akamai NetSession Interface Apple Application Support Apple Mobile Device Support Apple Software Update Application Suite Ask Toolbar Ask.com Search Assistant 1.0.1 ATI Catalyst Install Manager (notwendig) Audiosurf (notwendig) Biet-O-Matic v2.8.2 (notwendig) Bonjour Broadcom Gigabit Integrated Controller (notwendig) Brother MFL-Pro Suite (notwendig) Canon ScanGear Starter (notwendig) CanoScan Toolbox Ver4.9 (notwendig) CCleaner (remove only) (notwendig) CradleAlarm 4.7.2 (notwendig) Dexter Screen Saver DivX Converter (notwendig) DivX Plus DirectShow Filters (notwendig) DivX-Setup (notwendig) FileZilla Client 3.3.4.1 (notwendig) FlashGet 1.9.6.1073 (notwendig) Google Chrome Google Earth (notwendig) Google Updater GratisLister (notwendig) GTK+ Runtime 2.14.7 rev a (nur entfernen) (notwendig) HDAUDIO Soft Data Fax Modem with SmartCP (notwendig) HijackThis 2.0.2 (notwendig) Hotspot_Shield Toolbar ICQ7.2 (notwendig) Inkscape 0.47 (notwendig) Intel(R) PROSet/Wireless WiFi-Software (notwendig) Intel® Matrix Storage Manager (notwendig) IrfanView (remove only) (notwendig) iTunes IZArc 3.81 (notwendig) Java(TM) 6 Update 20 Java(TM) 6 Update 7 JDownloader (notwendig) Kaspersky Internet Security 2011 (notwendig) Launch Manager M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1 (notwendig) MAGIX Video deluxe 2006 2007 PLUS (D) (notwendig) MailStore Home 4.0.4.3791 (notwendig) Mediapiraten Messenger Plus! Live Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Office Live Add-in 1.3 Microsoft Office Standard Edition 2003 Microsoft Silverlight Microsoft SQL Server 2008 Management Objects Microsoft SQL Server Compact 3.5 SP1 (Deutsch) Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 Microsoft Works Miranda IM 0.8.14 (notwendig) Mozilla Firefox (3.6.12) (notwendig) Mozilla Thunderbird (3.1.6) (notwendig) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Napster (notwendig) Notepad++ (notwendig) NTI Backup NOW! 4.7 (notwendig) NTI CD & DVD-Maker (notwendig) OpenVPN Client (notwendig) Opera 10.63 (notwendig) Orion (notwendig) PandoraRecovery (Remove Only) (notwendig) PaperPort Image Printer (notwendig) Phase 5 HTML-Editor (notwendig) Pidgin (notwendig) pidgin-otr 3.2.0-1 (notwendig) PixiePack Codec Pack (notwendig) PowerProducer QuickTime RealPlayer (notwendig) Realtek High Definition Audio Driver (notwendig) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (notwendig) ScanSoft PaperPort 11 (notwendig) Security Task Manager 1.7g (notwendig) SiSoftware Sandra Lite 2009 (notwendig) Skype Toolbars Skype™ 4.2 (notwendig) Spelling Dictionaries Support For Adobe Reader 8 Spybot - Search & Destroy (notwendig) SQL Server System CLR Types Steam (notwendig) Supreme Auction (notwendig) Synaptics Pointing Device Driver (notwendig) Synology Assistant (notwendig) Synology Data Replicator 3 (notwendig) Synology Download Redirector (notwendig) TmNationsForever (notwendig) TmUnitedForever Update 2010-03-15 (notwendig) TomTom HOME 2.6.3.1609 (notwendig) TomTom HOME Visual Studio Merge Modules (notwendig) TrackMania United 0.2.0.8 (notwendig) TrueCrypt (notwendig) Turbo Lister 2 (notwendig) VLC media player 0.9.6 (notwendig) Winbond CIR Drivers Windows Live Anmelde-Assistent Windows Live Essentials Windows Live OneCare safety scanner Windows Live-Uploadtool Windows Media Player Firefox Plugin Windows Mobile-Gerätecenter Windows Mobile-Gerätecenter: Treiberupdate WinPatrol 2008 (notwendig) Wisdom-soft AutoScreenRecorder 3.0 Free Xiph QuickTime Components Yahoo! Toolbar Zattoo 3.3.4 Beta Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:48:30, on 28.11.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Users\Michel\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\mobsync.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe C:\Users\*****\Desktop\Programme\IrfanView\i_view32.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (file missing) O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Mediaplayer - {1536BA74-8625-4240-99B0-BE65883689C8} - C:\PROGRA~1\MEDIAP~1\MEDIAP~1\IEBUTT~1.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (file missing) O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Spark] C:\Users\******\Desktop\Programme\Spark\Spark.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: OpenVPN Client.lnk = C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe O4 - Global Startup: SETRES.EXE O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{1402ED25-B481-4BAB-AE68-05A7ED0E9A66}: NameServer = 172.16.35.1 172.16.35.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{97D5E0D0-AA61-4682-9E65-61E800271218}: NameServer = 216.146.35.35,216.146.36.36 O17 - HKLM\System\CS1\Services\Tcpip\..\{1402ED25-B481-4BAB-AE68-05A7ED0E9A66}: NameServer = 172.16.35.1 172.16.35.1 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c98a21b544ab20) (gupdate1c98a21b544ab20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: OpenVPN Access Client (OpenVPNAccessClient) - Unknown owner - C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator 3\SynoDrService.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 12768 bytes |
28.11.2010, 15:55 | #6 |
/// Malware-holic | h**p://supertalent-hp-seite-nu2010.tk/ Hacker? Was ist das? Adobe Reader 9.1 ersetzen durch: Adobe - Adobe Reader herunterladen - Alle Versionen bitte den mcafee security scan nicht mit instalieren. öffne den adobe reader, bearbeiten, voreinstellungen, javascript, dort den haken raus, internet, ebenfalls alle haken raus. so werden keine pdfs mehr automatisch geladen und es kann dir kein schadcode mehr auf diese weise untergeschoben werden. unter allgemein, nur zertifizierte zusatzmodule verwenden anhaken. unter update, auf instalieren stellen. klicke übernehmen /ok Deinstaliere: Ask Toolbar Ask.com Bonjour Dexter Google Chrome Hotspot_Shield Toolbar icq: warum ist das instaliert, nutze lieber miranda. icq kann runter. beide java versionen runter. Java SE Downloads - Sun Developer Network (SDN) klicke auf download jre Launch Manager Mediapiraten Messenger Plus Microsoft Silverlight Microsoft SQL Server alle 3 ich würd komplett auf den ff verzichten, er ist nicht so sicher wie der opera! PowerProducer QuickTime Skype Toolbars öffne skype, update, instaliere skype5 Spelling Dictionaries SQL Server System VLC updaten: VideoLAN - VLC media player - Open Source Multimedia Framework and Player Winbond alles von windows live. Windows Media Player Firefox Plugin WinPatrol braucht man nicht unbedingt. ist ja auch schon relativ alt. Wisdom Xiph Yahoo! Toolbar Zattoo ich nehme an, alle programme wo nichts hinter steht sind nicht benötigt. bereinige mit dem CCleaner dateien +registry.
__________________ --> h**p://supertalent-hp-seite-nu2010.tk/ Hacker? Was ist das? |
Themen zu h**p://supertalent-hp-seite-nu2010.tk/ Hacker? Was ist das? |
adobe, bho, desktop, downloader, excel, explorer, firefox, hacker?, helper, hijack, hijackthis, internet, internet explorer, kaspersky, launch, logfile, monitor, mozilla, registry, rundll, schutz, senden, software, system, temp, vista, windows |