|
hilfe hilfe hilfe guten morgen, ich versuche seid gerade die seite w*w.warplayer.com aufzurufen, was ich zu sehen bekomme ist folgendes: (hab nen screenshot gehostet) h**p://img137.imageshack.us/my.php?image=untitled1copy2tb.jpg hier ist mein log: Logfile of HijackThis v1.99.1 Scan saved at 11:29:03, on 14.04.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Programme\Tech\Wheel Mouse\5.2\MOUSE32A.EXE C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\svchost.exe H:\Programme\Adobe\Adobe Photoshop CS2\Photoshop.exe C:\WINDOWS\system32\svchost.exe C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Adobelm_Cleanup.0001 C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Adobelm_Cleanup.0001 C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Xfire\Xfire.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://google.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Tech\Wheel Mouse\5.2\MOUSE32A.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - h**p://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing) O9 - Extra 'Tools' menuitem: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - h**p://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing) O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141835052125 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe wenn ich mir den quelltext der site anzeigen lasse kommt das hier: <html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns="http://www.w3.org/TR/REC-html40"> <head> <meta http-equiv="Content-Language" content="tr"> <meta name="GENERATOR" content="Microsoft FrontPage 5.0"> <meta name="ProgId" content="FrontPage.Editor.Document"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1254"> <link rel="File-List" href="yeni_sayfa_2_dosyalar/filelist.xml"> <title>Hacked By SwaT_Hack</title> <!--[if !mso]> <style> v\:* { behavior: url(#default#VML) } o\:* { behavior: url(#default#VML) } .shape { behavior: url(#default#VML) } </style> <![endif]--> <meta http-equiv="Page-Enter" content="revealTrans(Duration=5.0,Transition=5)"> <!--[if gte mso 9]> <xml><o:shapedefaults v:ext="edit" spidmax="1027"/> </xml><![endif]--> </head> <body text="#FFFFFF" bgcolor="#000000"> <p align="center"> </p> <p align="center"> </p> <p align="center"> <img border="0" src="http://amfibi99.sitemynet.com/index/a2.gif" width="150" height="157"></p> <p align="center"><!--[if gte vml 1]><v:shapetype id="_x0000_t136" coordsize="21600,21600" o:spt="136" adj="10800" path="m@7,l@8,m@5,21600l@6,21600e"> <v:formulas> <v:f eqn="sum #0 0 10800"/> <v:f eqn="prod #0 2 1"/> <v:f eqn="sum 21600 0 @1"/> <v:f eqn="sum 0 0 @2"/> <v:f eqn="sum 21600 0 @3"/> <v:f eqn="if @0 @3 0"/> <v:f eqn="if @0 21600 @1"/> <v:f eqn="if @0 0 @2"/> <v:f eqn="if @0 @4 21600"/> <v:f eqn="mid @5 @6"/> <v:f eqn="mid @8 @5"/> <v:f eqn="mid @7 @8"/> <v:f eqn="mid @6 @7"/> <v:f eqn="sum @6 0 @5"/> </v:formulas> <v:path textpathok="t" o:connecttype="custom" o:connectlocs="@9,0;@10,10800;@11,21600;@12,10800" o:connectangles="270,180,90,0"/> <v:textpath on="t" fitshape="t"/> <v:handles> <v:h position="#0,bottomRight" xrange="6629,14971"/> </v:handles> <o:lock v:ext="edit" text="t" shapetype="t"/> </v:shapetype><v:shape id="_x0000_s1027" type="#_x0000_t136" alt="Owned You SwaT_Hack " style='width:344.25pt;height:96pt' stroked="f"> <v:shadow on="t" color="#b2b2b2" opacity="52429f" offset="3pt"/> <v:textpath style='font-family:"Times New Roman";v-text-kern:t' trim="t" fitpath="t" string="Owned You SwaT_Hack "/> </v:shape><![endif]--><![if !vml]><img border=0 width=463 height=131 src="yeni_sayfa_2_dosyalar/image001.gif" alt="Owned You SwaT_Hack " v:shapes="_x0000_s1027"><![endif]></p> <div align="center"> <center> <p><font color="#FF0000" size="7">Cooming Soon</font></p> </center> </div> <h1 align="center"><font size="7">Turkish Hacker</font></h1> <p align="center"><font size="4" color="#FF0000">Was Here</font></p> </body> </html> alles andere funktioniert........... LG aus dem ruhrpott [edit] links entfernt GUA [/edit] |
Zitat:
h**p://www.warplayer.com/ vielleicht wissen sie noch nicht, dass ihre Seite gehackt wurde.... [edit] links entfernt GUA [/edit] |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 22:42 Uhr. |
Copyright ©2000-2024, Trojaner-Board