Services created by viruses in Windows

Start -> Run -> type: notepad -> click OK. Or, if the command does not work, open the text editor. Then copy in the following text:
Save it on the desktop as delete.bat [select 'All Files' as the file type]. --> Double-click.

Unzip - double-click the file ServiceFilter.vbs - confirm the version number - scan - allow WordPad or the editor to open - copy the contents of POST_THIS.TXT
"Properties" >> click "Stop" >> startup type "Disabled":

32bit Printer Driver
commdlg
Client Server Runtime Service
fwnet64
msinit
msacm32
MsLX32
netconf32
Performance True Type Fonts
Remote Procedure Call (RPC) Monitoring
Win32Sr

sc delete "32bit Printer Driver"
sc delete commdlg32
sc delete csrss32
sc delete fwnet
sc delete "Microsoft Scheduling Agent"
sc delete msacm32
sc delete MsLX32
sc delete netconf32
sc delete PerfFont
sc delete Rpcmon
sc delete Win32Sr

Troj/Crybot-C: new system driver service named "DirectLujp" with the display name "DirectX Service"