Services created by viruses
EXAMPLE:
Start -> Run --> type: notepad -- click OK.
or, if the command does not work, open the text editor....
Then paste the following text into it:
sc stop cmdService
sc delete cmdService
del delete.bat
Save it on the Desktop [choose 'All Files' as the file type] as delete.bat. --> double-click
ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT
EXAMPLE:
HijackThis
O23 - Service: 32bit Printer Driver - Unknown owner - C:\WINDOWS\system32\snmpapi\install.exe
O23 - Service: commdlg (commdlg32) - Unknown owner - C:\WINDOWS\commdlg32.exe (file missing)
O23 - Service: Client Server Runtime Service (csrss32) - Unknown owner - C:\WINDOWS\csr.exe (file missing)
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINDOWS\msinit.exe (file missing)
O23 - Service: msacm32 - Unknown owner - C:\WINDOWS\system32\snmpapi\install.exe
O23 - Service: MsLX32 - Unknown owner - C:\WINDOWS\MsLX32.exe (file missing)
O23 - Service: netconf32 - Unknown owner - C:\WINDOWS\netconf32.exe (file missing)
O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Monitoring (Rpcmon) - Unknown owner - C:\WINDOWS\system32\Wmsngr.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe
click Start -> Run >> type: Services.msc and click OK!
"Properties" >> click "Stop" >> Startup type "Disabled"
32bit Printer Driver
commdlg
Client Server Runtime Service
fwnet64
msinit
msacm32
MsLX32
netconf32
Performance True Type Fonts
Remote Procedure Call (RPC) Monitoring
Win32Sr
Start --> Run --> paste (if an error message appears... ignore it) --> click OK after each one
sc delete "32bit Printer Driver"
sc delete commdlg32
sc delete csrss32
sc delete fwnet
sc delete "Microsoft Scheduling Agent"
sc delete msacm32
sc delete MsLX32
sc delete netconf32
sc delete PerfFont
sc delete Rpcmon
sc delete Win32Sr
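Added example, not part of the original page: a small Python script that parses O23 lines in the HijackThis format quoted above, derives the service name that `sc delete` needs (quoted when it contains spaces), and flags the signs this page relies on (unknown owner, missing file, a system-binary name outside system32, an image in dllcache or the Windows root). The sample lines are constructed from this page's own entries; the flag rules are my own heuristics, not HijackThis output.

```python
import re
# Constructed sample: five O23 lines in the HijackThis format this page quotes.
SAMPLE_LOG = r"""
O23 - Service: commdlg (commdlg32) - Unknown owner - C:\WINDOWS\commdlg32.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Monitoring (Rpcmon) - Unknown owner - C:\WINDOWS\system32\Wmsngr.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Dragon Age - Bioware - Unknown owner - C:\WINDOWS\System32\dllcache\dragonage.exe
O23 - Service: 32bit Printer Driver - Unknown owner - C:\WINDOWS\system32\snmpapi\install.exe
"""
# Layout: O23 - Service: <display name> [(<service name>)] - <owner> - <image path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>[^-]+?) - (?P<path>(?:[A-Za-z]:\\|%|\\\?\?).*)$"
)
# Real Windows binary names that the services on this page imitate outside system32
SYSTEM_BINARIES = {"lsass.exe", "smss.exe", "csrss.exe", "svchost.exe", "services.exe", "winlogon.exe"}

def parse_o23(line):
    """Split one O23 line into display name, service name, owner and image path."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["short"] = (e["short"] or "").strip()
    e["file_missing"] = e["path"].endswith("(file missing)")
    e["image"] = re.sub(r"\s*\(file missing\)$", "", e["path"]).strip('"')
    return e

def triage(e):
    """Heuristic flags for a parsed entry (my own rules, not HijackThis output)."""
    flags = []
    if e["owner"].lower().startswith("unknown"):
        flags.append("unknown owner")
    if e["file_missing"]:
        flags.append("file missing")
    folder, _, exe = e["image"].lower().rpartition("\\")
    if exe in SYSTEM_BINARIES and not folder.endswith("\\system32"):
        flags.append("system binary name outside system32")
    if folder.endswith("\\dllcache") or re.fullmatch(r"[a-z]:\\win(dows|nt)", folder):
        flags.append("unusual location")
    return flags

def sc_delete_command(e):
    """sc.exe takes the service name, not the display name; quote names with spaces."""
    name = e["short"] or e["display"]
    return f'sc delete "{name}"' if " " in name else f"sc delete {name}"

def triage_log(text):
    entries = [parse_o23(l) for l in text.strip().splitlines()]
    return [(e["display"], triage(e), sc_delete_command(e)) for e in entries if e]
```

Run `triage_log(SAMPLE_LOG)` to get one (display name, flags, cleanup command) tuple per line; the flags only prioritise what to look at, they do not replace checking the file itself.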
avpe32_haxdoor
O20 - Winlogon Notify: avpe32 - avpe32.dll
capapi32
C:\WINDOWS\system32\mmfc.exe
C:\WINDOWS\system32\setups.bak
C:\WINDOWS\system32\netlib32.dll
C:\WINDOWS\system32\capapi32.dll
directlujp
Troj/Crybot-C is installed as a new system driver service named "DirectLujp" with the display name
"DirectX Service"
dragonage
O23 - Service: Dragon Age - Bioware - Unknown owner - C:\WINDOWS\System32\dllcache\dragonage.exe
f3490d74d7cdrv
O23 - Service: WindowInstallSystem - Unknown - C:\WINDOWS\f3490d74d7c.exe
C:\WINDOWS\f3490d74d7c.ini , C:\WINDOWS\f3490d74d7cdrv.sys
FireDaemon Service
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: FireDaemon Service: ntsysvers (ntsysvers) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
Hardware Clock Driver
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
ldr64_dll
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll
integitor
O23 - Service: Secure System - Unknown owner - C:\WINNT\system32\integitor.exe"
lsass
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
lsass_1
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
mcfcc4
O20 - Winlogon Notify: mcfCC4 - mcfCC4.dll
microsoftagent
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\ppcdost.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rltwvknv.exe
mousehs
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe
msasvc_exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
msinfomgr_sys
W32.Naras - msinfomgr.sys,msinfmgr.exe,msinfdll.dll
msupdate1
O23 - Service: Miscrosoft Updates Service (MsUpdate) - Unknown owner - C:\WINDOWS\system32\msupd.exe
msupdate
O23 - Service: Miscrosoft Updates Service (MsUpdate) - Unknown owner - C:\WINDOWS\System32\msupd.exe
netmon
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TVc\command.exe
nprotect
O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\system32\nprotect.exe
nvsvcd
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
oreans32
C:\WINDOWS\system32\drivers\oreans32.sys
powermanager
O23 - Service: Power Manager - Unknown - C:\WINDOWS\svchost.exe
pptp16_haxdoor
O20 - Winlogon Notify: pptp16 - C:\WINDOWS\SYSTEM32\pptp16.dll
printpnp_goldrun
O20 - Winlogon Notify: printpnp - printpnp.dll
O20 - Winlogon Notify: printpnp - E:\WINNT\SYSTEM32\printpnp.dll
O20 - Winlogon Notify: qopol - E:\WINNT\SYSTEM32\qopol.dll
prxsvc
O21 - SSODL: prxsvc - {725A9115-9EBB-42D6-BFC0-B1579CF4184F} - prxsvc.dll
O23 - Service: MSDN Driver (msdndr) - Unknown owner - C:\WINDOWS\system32\msdndr.pif
rdriv
28.11.2005 14:35 7.168 rdriv.sys - Troj/Rootkit-W
O23 - Service: shost.exe - Unknown owner - C:\WINDOWS\shost.exe
remonsys
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
C:\Windows\System32\remon.sys
C:\WINDOWS\taskcntr.exe
rpcmon
O23 - Service: Remote Procedure Call (RPC) Monitoring (Rpcmon) - Unknown owner - C:\WINDOWS\System32\Rpcmon.exe
runas
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINNT\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINNT\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\WINNT\SYSTEM\DRIVER\ntsrv.exe
secure_system
O23 - Service: Secure System - Unknown owner - C:\WINNT\system32\integitor.exe"
seppgs_dll
O20 - Winlogon Notify: seppgs - C:\WINDOWS\SYSTEM32\seppgs.dll
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe
service
O21 - SSODL: IEFilter - {FEA298D0-0E55-4A48-B881-8D4EB4E45CFB} - C:\WINDOWS\system32\IEFilter.dll
O21 - SSODL: IEFilter - {1287459E-BDAB-462A-B57A-E2D9D247D597} - F:\WINDOWS\system32\IEFilter.dll
services
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe
shost
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe
sndu_haxdoor
O20 - Winlogon Notify: sndu32 - C:\WINDOWS\SYSTEM32\sndu32.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll
spdcheck
O23 - Service: wincheck (spdcheck) - Unknown owner - C:\WINDOWS\spdcheck.exe
sptrojan
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä.#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apphi.exe
svchost_cmd
O23 - Service: Remote_Procedure_Call (svchost) - Unknown owner - %windir%\system32\svchost.cmd
svkvpn_haxdoor
O20 - Winlogon Notify: svkvpn - C:\WINDOWS\SYSTEM32\svkvpn.dll
sysbus32_sys
32bit system bus driver: \??\C:\WINDOWS\System32\drivers\sysbus32.sys (autostart)
sysdat
O23 - Service: change me please (virus) - Unknown owner - C:\WINNT\sysdat.exe
sysmgr64
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
taskcntr
O23 - Service: SMSS - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
O23 - Service: Windows 32 Bit (Windows 32 Bit Drivers) - Unknown owner - C:\WINDOWS\WinVid32.exe
taskshed_nlsys32
O23 - Service: DLTC(dltc) (DLTC) - Unknown owner - C:\WINNT\system32\nlsys32.exe
O23 - Service: TskScheduler - Unknown owner - C:\WINNT\taskshed.exe
O23 - Service: WmDmPsp - Unknown owner - C:\WINNT\system32\sysdtc32.exe
tilebot
lpdriver.sys
tkscupy_exe
O23 - Service: nIOLGN - Unknown owner - C:\:tKSCupy.exe
upnp_exe
O23 - Service: Universal Plug and Play Device Configuration (UPnP Configuration) - Unknown owner - C:\WINDOWS\System32\upnp.exe
upnpdrv
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINDOWS\System32\upnpdrv.exe
virendienste
O23 - Service: dllmgr64 - Unknown owner - D:\WINDOWS\dllmgr64.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe
O23 - Service: Microsoft Background Intelligent Transfer Update Version 2.0 (MBIT) - Unknown owner - C:\WINDOWS\system32\msbitsec.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe
O23 - Service: Windows Ndis Driver (zions.game-host.org) - Unknown owner - C:\WINDOWS\System32\WinSys32s.exe" -netsvcs
O23 - Service: Windows Debug Management - Unknown owner - C:\WINDOWS\system32\mscn.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe
O23 - Service: mtc l32 (mtcl32) - Unknown owner - C:\WINDOWS\mtcls32.exe
wdfmgr
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\wdfmgr.exe
wgareg
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINNT\system32\wgareg.exe
winarc
Path: "c:\windows\windat.exe" - Root\LEGACY_WINARC
wincom32_sys
ImagePath = \??\%SYSDIR%\wincom32.sys
windowsoverlaycomponents
O23 - Service: Windows Overlay Components - Unknown - C:\WINDOWS\hccyqwo.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\aporukw.exe
winklmg
O23 - Service: Winklmg - Unknown owner - C:\WINDOWS\System32\Winklmg.exe
winlogon
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
winmgnt
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
wsock32sys
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O23 - Service: Windows-Firewall/Gemeinsame Nutzung der Internetverbindung (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe
wurmd
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe
O23 - Service: Windows User Mode Drivers (WUMD) - Unknown owner - C:\WINDOWS\system32\wumd.exe
xmm13g_haxdoor
O20 - Winlogon Notify: scsiusr4 - scsiusr4.dll
O20 - Winlogon Notify: xmm13g - C:\WINDOWS\SYSTEM32\xmm13g.dll
xprotector
c:\windows\system32\drivers\xprotector.sys
xptptt_haxdoor
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll