von Viren
erstellte Dienste
in Windows




von Viren erstellte Dienste in Windows

weiter BEISPIEL:

Start -> Ausführen --> schreib rein: notepad -- klicke OK.
oder , falls das Kommando nicht funktoniert, öffne den TextEditor....

Dann kopiere folgenden Text rein:

sc stop cmdService
sc delete cmdService
del delete.bat

Auf dem Desktop abspeichern [Gebe bei Dateityp 'Alle Dateien' an.] als delete.bat. --> Doppeltklicken

weiter ServiceFilter.zip ServiceFilter.zip

- entzippen
- doppelklick auf die datei ServiceFilter.vbs
- versions-nummer bestätigen
- scannen
- öffnen von wordpad oder editor erlauben
- POST_THIS.TXT abkopieren

weiter BEISPIEL:

weiter HijacktHis

O23 - Service: 32bit Printer Driver - Unknown owner - C:\WINDOWS\system32\snmpapi\install.exe
O23 - Service: commdlg (commdlg32) - Unknown owner - C:\WINDOWS\commdlg32.exe (file missing)
O23 - Service: Client Server Runtime Service (csrss32) - Unknown owner - C:\WINDOWS\csr.exe (file missing)
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINDOWS\msinit.exe (file missing)
O23 - Service: msacm32 - Unknown owner - C:\WINDOWS\system32\snmpapi\install.exe
O23 - Service: MsLX32 - Unknown owner - C:\WINDOWS\MsLX32.exe (file missing)
O23 - Service: netconf32 - Unknown owner - C:\WINDOWS\netconf32.exe (file missing)
O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Monitoring (Rpcmon) - Unknown owner - C:\WINDOWS\system32\Wmsngr.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe

weiter klick Start -> Ausführen>> schreibe rein: Services.msc und Klick OK!

"Eigenschaften" >> klick "Stop" >> Starttyp "deaktiviert"

32bit Printer Driver
commdlg
Client Server Runtime Service
fwnet64
msinit
msacm32
MsLX32
netconf32
Performance True Type Fonts
Remote Procedure Call (RPC) Monitoring
Win32Sr

weiter Start --> Ausführen --> reinkopieren (wenn eine Fehlermeldung kommt...ignorieren) --> klicke nach jedem O.K.

sc delete 32bit Printer Driver
sc delete commdlg32
sc delete csrss32
sc delete fwnet
sc delete Microsoft Scheduling Agent
sc delete msacm32
sc delete MsLX32
sc delete netconf32
sc delete PerfFont
sc delete Rpcmon
sc delete Win32Sr


weiter avpe32_haxdoor
O20 - Winlogon Notify: avpe32 - avpe32.dll

weiter capapi32
C:\WINDOWS\system32\mmfc.exe
C:\WINDOWS\system32\setups.bak
C:\WINDOWS\system32\netlib32.dll
C:\WINDOWS\system32\capapi32.dll

weiter directlujp
Troj/Crybot-C wird als ein neuer Systemtreiberdienst namens "DirectLujp" mit dem Anzeigenamen
"DirectX Service"

weiter dragonage
O23 - Service: Dragon Age - Bioware - Unknown owner - C:\WINDOWS\System32\dllcache\dragonage.exe

weiter f3490d74d7cdrv
O23 - Service: WindowInstallSystem - Unknown - C:\WINDOWS\f3490d74d7c.exe
C:\WINDOWS\f3490d74d7c.ini , C:\WINDOWS\f3490d74d7cdrv.sys

weiter FireDaemon Service
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: FireDaemon Service: ntsysvers (ntsysvers) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE

weiter Hardware Clock Driver
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe

weiter ldr64_dll
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll

weiter integitor
O23 - Service: Secure System - Unknown owner - C:\WINNT\system32\integitor.exe"

weiter lsass
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe

weiter lsass_1
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg.dll"
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe

weiter mcfcc4
O20 - Winlogon Notify: mcfCC4 - mcfCC4.dll

weiter microsoftagent
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\ppcdost.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rltwvknv.exe

weiter mousehs
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe

weiter msasvc_exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe

weiter msinfomgr_sys
W32.Naras - msinfomgr.sys,msinfmgr.exe,msinfdll.dll

weiter msupdate1
O23 - Service: Miscrosoft Updates Service (MsUpdate) - Unknown owner - C:\WINDOWS\system32\msupd.exe

weiter msupdate
O23 - Service: Miscrosoft Updates Service (MsUpdate) - Unknown owner - C:\WINDOWS\System32\msupd.exe

weiter netmon
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TVc\command.exe

weiter nprotect
O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\system32\nprotect.exe

weiter nvsvcd
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

weiter oreans32
C:\WINDOWS\system32\drivers\oreans32.sys

weiter powermanager
O23 - Service: Power Manager - Unknown - C:\WINDOWS\svchost.exe

weiter pptp16_haxdoor
O20 - Winlogon Notify: pptp16 - C:\WINDOWS\SYSTEM32\pptp16.dll

weiter printpnp_goldrun
O20 - Winlogon Notify: printpnp - printpnp.dll
O20 - Winlogon Notify: printpnp - E:\WINNT\SYSTEM32\printpnp.dll
O20 - Winlogon Notify: qopol - E:\WINNT\SYSTEM32\qopol.dll

weiter prxsvc
O21 - SSODL: prxsvc - {725A9115-9EBB-42D6-BFC0-B1579CF4184F} - prxsvc.dll
O23 - Service: MSDN Driver (msdndr) - Unknown owner - C:\WINDOWS\system32\msdndr.pif

weiter rdriv
28.11.2005 14:35 7.168 rdriv.sys - Troj/Rootkit-W
O23 - Service: shost.exe - Unknown owner - C:\WINDOWS\shost.exe

weiter remonsys
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
C:\Windows\System32\remon.sys
C:\WINDOWS\taskcntr.exe

weiter rpcmon
O23 - Service: Remote Procedure Call (RPC) Monitoring (Rpcmon) - Unknown owner - C:\WINDOWS\System32\Rpcmon.exe

weiter runas
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINNT\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINNT\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\WINNT\SYSTEM\DRIVER\ntsrv.exe

weiter secure_system
O23 - Service: Secure System - Unknown owner - C:\WINNT\system32\integitor.exe"

weiter seppgs_dll
O20 - Winlogon Notify: seppgs - C:\WINDOWS\SYSTEM32\seppgs.dll
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe

weiter service
O21 - SSODL: IEFilter - {FEA298D0-0E55-4A48-B881-8D4EB4E45CFB} - C:\WINDOWS\system32\IEFilter.dll
O21 - SSODL: IEFilter - {1287459E-BDAB-462A-B57A-E2D9D247D597} - F:\WINDOWS\system32\IEFilter.dll

weiter services
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe

weiter shost
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe

weiter sndu_haxdoor
O20 - Winlogon Notify: sndu32 - C:\WINDOWS\SYSTEM32\sndu32.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll

weiter spdcheck
O23 - Service: wincheck (spdcheck) - Unknown owner - C:\WINDOWS\spdcheck.exe

weiter sptrojan
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä.#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apphi.exe

weiter svchost_cmd
O23 - Service: Remote_Procedure_Call (svchost) - Unknown owner - %windir%\system32\svchost.cmd

weiter svkvpn_haxdoor
O20 - Winlogon Notify: svkvpn - C:\WINDOWS\SYSTEM32\svkvpn.dll

weiter sysbus32_sys
32bit system bus driver: \??\C:\WINDOWS\System32\drivers\sysbus32.sys (autostart)

weiter sysdat
O23 - Service: change me please (virus) - Unknown owner - C:\WINNT\sysdat.exe

weiter sysmgr64
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe

weiter taskcntr
O23 - Service: SMSS - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
O23 - Service: Windows 32 Bit (Windows 32 Bit Drivers) - Unknown owner - C:\WINDOWS\WinVid32.exe

weiter taskshed_nlsys32
O23 - Service: DLTC(dltc) (DLTC) - Unknown owner - C:\WINNT\system32\nlsys32.exe
O23 - Service: TskScheduler - Unknown owner - C:\WINNT\taskshed.exe
O23 - Service: WmDmPsp - Unknown owner - C:\WINNT\system32\sysdtc32.exe

weiter tilebot
lpdriver.sys

weiter tkscupy_exe
O23 - Service: nIOLGN - Unknown owner - C:\:tKSCupy.exe

weiter upnp_exe
O23 - Service: Universal Plug and Play Device Configuration (UPnP Configuration) - Unknown owner - C:\WINDOWS\System32\upnp.exe

weiter upnpdrv
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINDOWS\System32\upnpdrv.exe

weiter virendienste
O23 - Service: dllmgr64 - Unknown owner - D:\WINDOWS\dllmgr64.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe
O23 - Service: Microsoft Background Intelligent Transfer Update Version 2.0 (MBIT) - Unknown owner - C:\WINDOWS\system32\msbitsec.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe
O23 - Service: Windows Ndis Driver (zions.game-host.org) - Unknown owner - C:\WINDOWS\System32\WinSys32s.exe" -netsvcs
O23 - Service: Windows Debug Management - Unknown owner - C:\WINDOWS\system32\mscn.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe
O23 - Service: mtc l32 (mtcl32) - Unknown owner - C:\WINDOWS\mtcls32.exe

weiter wdfmgr
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\wdfmgr.exe

weiter wgareg
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINNT\system32\wgareg.exe

weiter winarc
Path: "c:\windows\windat.exe" - Root\LEGACY_WINARC

weiter wincom32_sys
ImagePath = \??\%SYSDIR%\wincom32.sys

weiter windowsoverlaycomponents
O23 - Service: Windows Overlay Components - Unknown - C:\WINDOWS\hccyqwo.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\aporukw.exe

weiter winklmg
O23 - Service: Winklmg - Unknown owner - C:\WINDOWS\System32\Winklmg.exe

weiter winlogon
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe

weiter winmgnt
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE

weiter wsock32sys
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
O23 - Service: Windows-Firewall/Gemeinsame Nutzung der Internetverbindung (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe

weiter wurmd
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe
O23 - Service: Windows User Mode Drivers (WUMD) - Unknown owner - C:\WINDOWS\system32\wumd.exe

weiter xmm13g_haxdoor
O20 - Winlogon Notify: scsiusr4 - scsiusr4.dll
O20 - Winlogon Notify: xmm13g - C:\WINDOWS\SYSTEM32\xmm13g.dll

weiter xprotector
c:\windows\system32\drivers\xprotector.sys

weiter xptptt_haxdoor
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll

startseite
virus-protect.org
startseite Valid HTML 4.01 Transitional Ranking-Hits