|
Pests of all kinds and how to fight them: services.exe PROBLEM |
13.03.2007, 20:44 | #16 |
| services.exe PROBLEM Wow, wow, wow, I can't run the Search Assistant!! It tells me that it was not found and that I probably have to run the Setup Assistant?? I don't understand this! |
13.03.2007, 20:50 | #17 |
| services.exe PROBLEM Hello,
system files may have been manipulated. Download the following tool: http://download.nai.com/products/mcafee-avert/McafeeRootkitDetective.zip, scan your system with it and post the log file. System files may have been manipulated. Unfortunately I have to leave in a moment... Regards, Oskar |
13.03.2007, 21:02 | #18 |
| services.exe PROBLEM McAfee(R) Rootkit Detective 1.0 Beta scan report
On 13-03-2007 at 20:54:52 OS-Version 5.1.2600 Service Pack 2.0 |
13.03.2007, 21:14 | #19 |
| services.exe PROBLEM Hello trott!! I ran the scan! It found nothing!! |
13.03.2007, 21:17 | #20 |
| services.exe PROBLEM 03/13/07 20:47:27 [Info]: BlackLight Engine 1.0.55 initialized 03/13/07 20:47:27 [Info]: OS: 5.1 build 2600 (Service Pack 2) 03/13/07 20:47:27 [Note]: 7019 4 03/13/07 20:47:27 [Note]: 7005 0 03/13/07 20:47:35 [Note]: 7006 0 03/13/07 20:47:35 [Note]: 7011 1916 03/13/07 20:47:35 [Note]: 7026 0 03/13/07 20:47:35 [Note]: 7026 0 03/13/07 20:47:54 [Note]: FSRAW library version 1.7.1021 03/13/07 21:04:22 [Note]: 7006 0 03/13/07 21:04:22 [Note]: 7011 1916 03/13/07 21:04:23 [Note]: 7026 0 03/13/07 21:04:23 [Note]: 7026 0 03/13/07 21:04:26 [Note]: FSRAW library version 1.7.1021 03/13/07 21:11:20 [Note]: 2000 1012 03/13/07 21:11:20 [Note]: 2000 1012 03/13/07 21:12:37 [Note]: 7007 0 |
13.03.2007, 21:24 | #21 |
| services.exe PROBLEM Well, I'm not that familiar with this McAfee tool, but it also seems to be unremarkable. Did you ever have a virus or something similar on there? Otherwise you could run a repair using the Windows XP boot CD. Just google for instructions. Since a few system files do apparently seem to be missing/gone on your machine! Report back! Regards |