Services created by viruses




EXAMPLE:

Start -> Run --> type: notepad -- click OK.
Or, if the command does not work, open the text editor.

Then paste in the following text:

sc stop cmdService
sc delete cmdService
del delete.bat


Save it on the desktop as delete.bat [select 'All Files' as the file type]. --> Double-click it.





ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip

- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or the editor to open
- copy the contents of POST_THIS.TXT

EXAMPLE:

HijackThis

O23 - Service: 32bit Printer Driver - Unknown owner - C:\WINDOWS\system32\snmpapi\install.exe
O23 - Service: commdlg (commdlg32) - Unknown owner - C:\WINDOWS\commdlg32.exe (file missing)
O23 - Service: Client Server Runtime Service (csrss32) - Unknown owner - C:\WINDOWS\csr.exe (file missing)
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINDOWS\msinit.exe (file missing)
O23 - Service: msacm32 - Unknown owner - C:\WINDOWS\system32\snmpapi\install.exe
O23 - Service: MsLX32 - Unknown owner - C:\WINDOWS\MsLX32.exe (file missing)
O23 - Service: netconf32 - Unknown owner - C:\WINDOWS\netconf32.exe (file missing)
O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Monitoring (Rpcmon) - Unknown owner - C:\WINDOWS\system32\Wmsngr.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe


Click Start -> Run >> type: Services.msc and click OK.

"Properties" >> click "Stop" >> startup type "Disabled"

32bit Printer Driver
commdlg
Client Server Runtime Service
fwnet64
msinit
msacm32
MsLX32
netconf32
Performance True Type Fonts
Remote Procedure Call (RPC) Monitoring
Win32Sr


Start --> Run --> paste in (if an error message appears, ignore it) --> click OK after each one.

sc delete "32bit Printer Driver"
sc delete commdlg32
sc delete csrss32
sc delete fwnet
sc delete "Microsoft Scheduling Agent"
sc delete msacm32
sc delete MsLX32
sc delete netconf32
sc delete PerfFont
sc delete Rpcmon
sc delete Win32Sr
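
Added example (not part of the original page, nor of HijackThis or ServiceFilter): a small Python parser that turns O23 lines like the ones in the log above into quoted sc commands, so that names containing spaces are passed to sc as one argument. It assumes that a trailing parenthesised group in the name field is the service key name, as in the page's own mapping of "commdlg (commdlg32)" to "sc delete commdlg32"; all function names are hypothetical.

```python
import re

# Constructed sample: three O23 lines and one O4 line copied from this page's logs.
SAMPLE_LOG = r"""
O23 - Service: 32bit Printer Driver - Unknown owner - C:\WINDOWS\system32\snmpapi\install.exe
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINDOWS\msinit.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Monitoring (Rpcmon) - Unknown owner - C:\WINDOWS\system32\Wmsngr.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# Assumption: the last "(...)" group of the name field is the service key name,
# and everything before it is the display name shown in Services.msc.
NAME_RE = re.compile(r"^(?P<display>.*\S)\s+\((?P<key>[^()]*)\)$")

def parse_o23(line):
    """Parse one HijackThis O23 line; return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Split from the right: the display name itself may contain " - ".
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    m = NAME_RE.match(name)
    display, key = (m["display"], m["key"].strip()) if m else (name, name)
    return {"display": display, "key": key, "owner": owner, "path": path, "file_missing": missing}

def sc_commands(entry):
    """Stop, disable and delete one service; the name is always quoted."""
    key = entry["key"]
    if not key or '"' in key:
        raise ValueError("service name cannot be quoted safely: %r" % key)
    return ['sc stop "%s"' % key,
            'sc config "%s" start= disabled' % key,
            'sc delete "%s"' % key]

def cleanup_commands(log_text):
    """Return the sc commands for every O23 line found in a log."""
    entries = filter(None, map(parse_o23, log_text.splitlines()))
    return [cmd for entry in entries for cmd in sc_commands(entry)]

if __name__ == "__main__":
    print("\n".join(cleanup_commands(SAMPLE_LOG)))
```

A display name that itself ends in a parenthesised group and equals the key name would be split incorrectly, so check the key against the service's entry in Services.msc before running the generated commands.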




avpe32_haxdoor
O20 - Winlogon Notify: avpe32 - avpe32.dll

capapi32
C:\WINDOWS\system32\mmfc.exe
C:\WINDOWS\system32\setups.bak
C:\WINDOWS\system32\netlib32.dll
C:\WINDOWS\system32\capapi32.dll

directlujp
Troj/Crybot-C: new system driver service named "DirectLujp" with the display name "DirectX Service"

dragonage
O23 - Service: Dragon Age - Bioware - Unknown owner - C:\WINDOWS\System32\dllcache\dragonage.exe

f3490d74d7cdrv
O23 - Service: WindowInstallSystem - Unknown - C:\WINDOWS\f3490d74d7c.exe
C:\WINDOWS\f3490d74d7c.ini , C:\WINDOWS\f3490d74d7cdrv.sys

FireDaemon Service
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: FireDaemon Service: ntsysvers (ntsysvers) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE

Hardware Clock Driver
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe

ldr64_dll
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll

integitor
O23 - Service: Secure System - Unknown owner - C:\WINNT\system32\integitor.exe"

lsass
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe

lsass_1
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe

mcfcc4
O20 - Winlogon Notify: mcfCC4 - mcfCC4.dll

microsoftagent
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\ppcdost.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rltwvknv.exe

mousehs
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe

msasvc_exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe

msinfomgr_sys
W32.Naras - msinfomgr.sys,msinfmgr.exe,msinfdll.dll

msupdate1
O23 - Service: Miscrosoft Updates Service (MsUpdate) - Unknown owner - C:\WINDOWS\system32\msupd.exe

msupdate
O23 - Service: Miscrosoft Updates Service (MsUpdate) - Unknown owner - C:\WINDOWS\System32\msupd.exe

netmon
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TVc\command.exe

nprotect
O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\system32\nprotect.exe

nvsvcd
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

oreans32
C:\WINDOWS\system32\drivers\oreans32.sys

powermanager
O23 - Service: Power Manager - Unknown - C:\WINDOWS\svchost.exe

pptp16_haxdoor
O20 - Winlogon Notify: pptp16 - C:\WINDOWS\SYSTEM32\pptp16.dll

printpnp_goldrun
O20 - Winlogon Notify: printpnp - printpnp.dll
O20 - Winlogon Notify: printpnp - E:\WINNT\SYSTEM32\printpnp.dll
O20 - Winlogon Notify: qopol - E:\WINNT\SYSTEM32\qopol.dll

prxsvc
O21 - SSODL: prxsvc - {725A9115-9EBB-42D6-BFC0-B1579CF4184F} - prxsvc.dll
O23 - Service: MSDN Driver (msdndr) - Unknown owner - C:\WINDOWS\system32\msdndr.pif

rdriv
28.11.2005 14:35 7.168 rdriv.sys - Troj/Rootkit-W
O23 - Service: shost.exe - Unknown owner - C:\WINDOWS\shost.exe

remonsys
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
C:\Windows\System32\remon.sys
C:\WINDOWS\taskcntr.exe

rpcmon
O23 - Service: Remote Procedure Call (RPC) Monitoring (Rpcmon) - Unknown owner - C:\WINDOWS\System32\Rpcmon.exe

runas
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINNT\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINNT\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\WINNT\SYSTEM\DRIVER\ntsrv.exe

secure_system
O23 - Service: Secure System - Unknown owner - C:\WINNT\system32\integitor.exe"

seppgs_dll
O20 - Winlogon Notify: seppgs - C:\WINDOWS\SYSTEM32\seppgs.dll
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe

service
O21 - SSODL: IEFilter - {FEA298D0-0E55-4A48-B881-8D4EB4E45CFB} - C:\WINDOWS\system32\IEFilter.dll
O21 - SSODL: IEFilter - {1287459E-BDAB-462A-B57A-E2D9D247D597} - F:\WINDOWS\system32\IEFilter.dll

services
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe

shost
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe

sndu_haxdoor
O20 - Winlogon Notify: sndu32 - C:\WINDOWS\SYSTEM32\sndu32.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll

spdcheck
O23 - Service: wincheck (spdcheck) - Unknown owner - C:\WINDOWS\spdcheck.exe

sptrojan
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä.#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apphi.exe

svchost_cmd
O23 - Service: Remote_Procedure_Call (svchost) - Unknown owner - %windir%\system32\svchost.cmd

svkvpn_haxdoor
O20 - Winlogon Notify: svkvpn - C:\WINDOWS\SYSTEM32\svkvpn.dll

sysbus32_sys
32bit system bus driver: \??\C:\WINDOWS\System32\drivers\sysbus32.sys (autostart)

sysdat
O23 - Service: change me please (virus) - Unknown owner - C:\WINNT\sysdat.exe

sysmgr64
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe

taskcntr
O23 - Service: SMSS - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
O23 - Service: Windows 32 Bit (Windows 32 Bit Drivers) - Unknown owner - C:\WINDOWS\WinVid32.exe

taskshed_nlsys32
O23 - Service: DLTC(dltc) (DLTC) - Unknown owner - C:\WINNT\system32\nlsys32.exe
O23 - Service: TskScheduler - Unknown owner - C:\WINNT\taskshed.exe
O23 - Service: WmDmPsp - Unknown owner - C:\WINNT\system32\sysdtc32.exe

tilebot
lpdriver.sys

tkscupy_exe
O23 - Service: nIOLGN - Unknown owner - C:\:tKSCupy.exe

upnp_exe
O23 - Service: Universal Plug and Play Device Configuration (UPnP Configuration) - Unknown owner - C:\WINDOWS\System32\upnp.exe

upnpdrv
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINDOWS\System32\upnpdrv.exe

virus services
O23 - Service: dllmgr64 - Unknown owner - D:\WINDOWS\dllmgr64.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe
O23 - Service: Microsoft Background Intelligent Transfer Update Version 2.0 (MBIT) - Unknown owner - C:\WINDOWS\system32\msbitsec.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe
O23 - Service: Windows Ndis Driver (zions.game-host.org) - Unknown owner - C:\WINDOWS\System32\WinSys32s.exe" -netsvcs
O23 - Service: Windows Debug Management - Unknown owner - C:\WINDOWS\system32\mscn.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe
O23 - Service: mtc l32 (mtcl32) - Unknown owner - C:\WINDOWS\mtcls32.exe

wdfmgr
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\wdfmgr.exe

wgareg
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINNT\system32\wgareg.exe

winarc
Path: "c:\windows\windat.exe" - Root\LEGACY_WINARC

wincom32_sys
ImagePath = \??\%SYSDIR%\wincom32.sys

windowsoverlaycomponents
O23 - Service: Windows Overlay Components - Unknown - C:\WINDOWS\hccyqwo.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\aporukw.exe

winklmg
O23 - Service: Winklmg - Unknown owner - C:\WINDOWS\System32\Winklmg.exe

winlogon
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe

winmgnt
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE

wsock32sys
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O23 - Service: Windows-Firewall/Gemeinsame Nutzung der Internetverbindung (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe

wurmd
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe
O23 - Service: Windows User Mode Drivers (WUMD) - Unknown owner - C:\WINDOWS\system32\wumd.exe

xmm13g_haxdoor
O20 - Winlogon Notify: scsiusr4 - scsiusr4.dll
O20 - Winlogon Notify: xmm13g - C:\WINDOWS\SYSTEM32\xmm13g.dll

xprotector
c:\windows\system32\drivers\xprotector.sys

xptptt_haxdoor
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll


