|
EXAMPLE: Start -> Run --> type: notepad -- click OK. Or, if that command does not work, open the text editor.... Then copy in the following text:
Save it to the Desktop as delete.bat [select 'All Files' as the file type]. --> Double-click it.

ServiceFilter.zip http://virus-protect.org/artikel/tools/ServiceFilter.zip - unzip - double-click the file ServiceFilter.vbs - confirm the version number - scan - allow WordPad or the editor to open - copy the contents of POST_THIS.TXT

EXAMPLE: HijackThis
Click Start -> Run >> type: Services.msc and click OK! "Properties" >> click "Stop" >> Startup type "Disabled"

32bit Printer Driver
commdlg
Client Server Runtime Service
fwnet64
msinit
msacm32
MsLX32
netconf32
Performance True Type Fonts
Remote Procedure Call (RPC) Monitoring
Win32Sr

Start --> Run --> paste in (if an error message appears... ignore it) --> click O.K. after each one

sc delete "32bit Printer Driver"
sc delete commdlg32
sc delete csrss32
sc delete fwnet
sc delete "Microsoft Scheduling Agent"
sc delete msacm32
sc delete MsLX32
sc delete netconf32
sc delete PerfFont
sc delete Rpcmon
sc delete Win32Sr

avpe32_haxdoor
O20 - Winlogon Notify: avpe32 - avpe32.dll

capapi32
C:\WINDOWS\system32\mmfc.exe
C:\WINDOWS\system32\setups.bak
C:\WINDOWS\system32\netlib32.dll
C:\WINDOWS\system32\capapi32.dll

directlujp
Troj/Crybot-C is ... as a new system driver service named "DirectLujp" with the display name "DirectX Service"

dragonage
O23 - Service: Dragon Age - Bioware - Unknown owner - C:\WINDOWS\System32\dllcache\dragonage.exe

f3490d74d7cdrv
O23 - Service: WindowInstallSystem - Unknown - C:\WINDOWS\f3490d74d7c.exe
C:\WINDOWS\f3490d74d7c.ini , C:\WINDOWS\f3490d74d7cdrv.sys

FireDaemon Service
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: FireDaemon Service: ntsysvers (ntsysvers) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE

Hardware Clock Driver
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe

ldr64_dll
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll

integitor
O23 - Service: Secure System - Unknown owner - C:\WINNT\system32\integitor.exe"

lsass
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe

lsass_1
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe

mcfcc4
O20 - Winlogon Notify: mcfCC4 - mcfCC4.dll

microsoftagent
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\ppcdost.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rltwvknv.exe

mousehs
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe

msasvc_exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe

msinfomgr_sys
W32.Naras - msinfomgr.sys,msinfmgr.exe,msinfdll.dll

msupdate1
O23 - Service: Miscrosoft Updates Service (MsUpdate) - Unknown owner - C:\WINDOWS\system32\msupd.exe

msupdate
O23 - Service: Miscrosoft Updates Service (MsUpdate) - Unknown owner - C:\WINDOWS\System32\msupd.exe

netmon
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TVc\command.exe

nprotect
O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\system32\nprotect.exe

nvsvcd
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

oreans32
C:\WINDOWS\system32\drivers\oreans32.sys

powermanager
O23 - Service: Power Manager - Unknown - C:\WINDOWS\svchost.exe

pptp16_haxdoor
O20 - Winlogon Notify: pptp16 - C:\WINDOWS\SYSTEM32\pptp16.dll

printpnp_goldrun
O20 - Winlogon Notify: printpnp - printpnp.dll
O20 - Winlogon Notify: printpnp - E:\WINNT\SYSTEM32\printpnp.dll
O20 - Winlogon Notify: qopol - E:\WINNT\SYSTEM32\qopol.dll

prxsvc
O21 - SSODL: prxsvc - {725A9115-9EBB-42D6-BFC0-B1579CF4184F} - prxsvc.dll
O23 - Service: MSDN Driver (msdndr) - Unknown owner - C:\WINDOWS\system32\msdndr.pif

rdriv
28.11.2005 14:35 7.168 rdriv.sys - Troj/Rootkit-W
O23 - Service: shost.exe - Unknown owner - C:\WINDOWS\shost.exe

remonsys
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
C:\Windows\System32\remon.sys
C:\WINDOWS\taskcntr.exe

rpcmon
O23 - Service: Remote Procedure Call (RPC) Monitoring (Rpcmon) - Unknown owner - C:\WINDOWS\System32\Rpcmon.exe

runas
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINNT\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINNT\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\WINNT\SYSTEM\DRIVER\ntsrv.exe

secure_system
O23 - Service: Secure System - Unknown owner - C:\WINNT\system32\integitor.exe"

seppgs_dll
O20 - Winlogon Notify: seppgs - C:\WINDOWS\SYSTEM32\seppgs.dll
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe

service
O21 - SSODL: IEFilter - {FEA298D0-0E55-4A48-B881-8D4EB4E45CFB} - C:\WINDOWS\system32\IEFilter.dll
O21 - SSODL: IEFilter - {1287459E-BDAB-462A-B57A-E2D9D247D597} - F:\WINDOWS\system32\IEFilter.dll

services
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe

shost
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe

sndu_haxdoor
O20 - Winlogon Notify: sndu32 - C:\WINDOWS\SYSTEM32\sndu32.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll

spdcheck
O23 - Service: wincheck (spdcheck) - Unknown owner - C:\WINDOWS\spdcheck.exe

sptrojan
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä.#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apphi.exe

svchost_cmd
O23 - Service: Remote_Procedure_Call (svchost) - Unknown owner - %windir%\system32\svchost.cmd

svkvpn_haxdoor
O20 - Winlogon Notify: svkvpn - C:\WINDOWS\SYSTEM32\svkvpn.dll

sysbus32_sys
32bit system bus driver: \??\C:\WINDOWS\System32\drivers\sysbus32.sys (autostart)

sysdat
O23 - Service: change me please (virus) - Unknown owner - C:\WINNT\sysdat.exe

sysmgr64
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe

taskcntr
O23 - Service: SMSS - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
O23 - Service: Windows 32 Bit (Windows 32 Bit Drivers) - Unknown owner - C:\WINDOWS\WinVid32.exe

taskshed_nlsys32
O23 - Service: DLTC(dltc) (DLTC) - Unknown owner - C:\WINNT\system32\nlsys32.exe
O23 - Service: TskScheduler - Unknown owner - C:\WINNT\taskshed.exe
O23 - Service: WmDmPsp - Unknown owner - C:\WINNT\system32\sysdtc32.exe

tilebot
lpdriver.sys

tkscupy_exe
O23 - Service: nIOLGN - Unknown owner - C:\:tKSCupy.exe

upnp_exe
O23 - Service: Universal Plug and Play Device Configuration (UPnP Configuration) - Unknown owner - C:\WINDOWS\System32\upnp.exe

upnpdrv
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINDOWS\System32\upnpdrv.exe

virendienste
O23 - Service: dllmgr64 - Unknown owner - D:\WINDOWS\dllmgr64.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe
O23 - Service: Microsoft Background Intelligent Transfer Update Version 2.0 (MBIT) - Unknown owner - C:\WINDOWS\system32\msbitsec.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe
O23 - Service: Windows Ndis Driver (zions.game-host.org) - Unknown owner - C:\WINDOWS\System32\WinSys32s.exe" -netsvcs
O23 - Service: Windows Debug Management - Unknown owner - C:\WINDOWS\system32\mscn.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe
O23 - Service: mtc l32 (mtcl32) - Unknown owner - C:\WINDOWS\mtcls32.exe

wdfmgr
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\wdfmgr.exe

wgareg
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINNT\system32\wgareg.exe

winarc
Path: "c:\windows\windat.exe" - Root\LEGACY_WINARC

wincom32_sys
ImagePath = \??\%SYSDIR%\wincom32.sys

windowsoverlaycomponents
O23 - Service: Windows Overlay Components - Unknown - C:\WINDOWS\hccyqwo.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\aporukw.exe

winklmg
O23 - Service: Winklmg - Unknown owner - C:\WINDOWS\System32\Winklmg.exe

winlogon
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe

winmgnt
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE

wsock32sys
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O23 - Service: Windows-Firewall/Gemeinsame Nutzung der Internetverbindung (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe

wurmd
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe
O23 - Service: Windows User Mode Drivers (WUMD) - Unknown owner - C:\WINDOWS\system32\wumd.exe

xmm13g_haxdoor
O20 - Winlogon Notify: scsiusr4 - scsiusr4.dll
O20 - Winlogon Notify: xmm13g - C:\WINDOWS\SYSTEM32\xmm13g.dll

xprotector
c:\windows\system32\drivers\xprotector.sys

xptptt_haxdoor
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
|