Trojaner-Board

services.exe PROBLEM (https://www.trojaner-board.de/37036-services-exe-problem.html)

taktiker0815 13.03.2007 20:44

Wow, wow, wow.


I can't run the search assistant!!
It tells me that it was not found and that I apparently have to run the setup assistant??

I don't understand this!

Berferd 13.03.2007 20:50

Hello,

system files may have been tampered with.
Download the following tool: http://download.nai.com/products/mcafee-avert/McafeeRootkitDetective.zip
Scan your system with it and post the log file.

System files may have been tampered with.

Unfortunately I have to leave shortly...

Regards,
Oskar

taktiker0815 13.03.2007 21:02

McAfee(R) Rootkit Detective 1.0 Beta scan report
On 13-03-2007 at 20:54:52
OS-Version 5.1.2600
Service Pack 2.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\system32\drivers\sptd.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateKey
Object-Path: C:\WINDOWS\system32\drivers\sptd.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateValueKey
Object-Path: C:\WINDOWS\system32\drivers\sptd.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenKey
Object-Path: C:\WINDOWS\system32\drivers\sptd.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryKey
Object-Path: C:\WINDOWS\system32\drivers\sptd.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryValueKey
Object-Path: C:\WINDOWS\system32\drivers\sptd.sys

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\WINDOWS\system32\drivers\sptd.sys

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SYSTEM_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_POWER
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CLEANUP
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SHUTDOWN
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_INTERNAL_DEVICE_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_DEVICE_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_FLUSH_BUFFERS
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_WRITE
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_READ
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CREATE
Object-Path:

Object-Type: Registry-key
Object-Name: 001060a6db02E
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060a6db02
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: a0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: p0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-key
Object-Name: 001060a6db02olSet001\Services\sptd\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060a6db02
Status: Hidden

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4HPORT\Parameters\Keys\001060a6db02
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001ontrolSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-key
Object-Name: 001060a6db02olSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060a6db02
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0Jf40M\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Status: Hidden

Object-Type: Registry-value
Object-Name: a0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: p0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: khjeh
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Status: Hidden

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: File/Folder
Object-Name: System Idle Process
Pid: n/a
Object-Path: System Idle Process
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 1028
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1288
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: atiptaxx.exe
Pid: 780
Object-Path: C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 1040
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 548
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: sched.exe
Pid: 292
Object-Path: C:\Programme\AntiVir PersonalEdition Classic\sched.exe
Status: Visible

Object-Type: Process
Object-Name: SynTPEnh.exe
Pid: 552
Object-Path: C:\Programme\Synaptics\SynTP\SynTPEnh.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1324
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: SMAgent.exe
Pid: 560
Object-Path: C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
Status: Visible

Object-Type: Process
Object-Name: MagicKBD.exe
Pid: 1588
Object-Path: C:\Programme\Samsung\MagicKBD\MagicKBD.exe
Status: Visible

Object-Type: Process
Object-Name: avguard.exe
Pid: 312
Object-Path: C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
Status: Visible

Object-Type: Process
Object-Name: FNPLicensingSer
Pid: 3900
Object-Path: C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
Status: Visible

Object-Type: Process
Object-Name: avgnt.exe
Pid: 1088
Object-Path: C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 1860
Object-Path: C:\WINDOWS\system32\ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 328
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: PAStiSvc.exe
Pid: 584
Object-Path: C:\WINDOWS\system32\PAStiSvc.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 612
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1392
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 2160
Object-Path: C:\WINDOWS\system32\alg.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 1916
Object-Path: C:\WINDOWS\explorer.exe
Status: Visible

Object-Type: Process
Object-Name: AGRSMMSG.exe
Pid: 1148
Object-Path: C:\WINDOWS\AGRSMMSG.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 900
Object-Path: C:\Dokumente und Einstellungen\Besitzer\Desktop\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: blbeta.exe
Pid: 3464
Object-Path: C:\Dokumente und Einstellungen\Besitzer\Desktop\blbeta.exe
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 1184
Object-Path: C:\WINDOWS\system32\ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1196
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1968
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: jusched.exe
Pid: 1712
Object-Path: C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
Status: Visible

Object-Type: Process
Object-Name: SMax4PNP.exe
Pid: 948
Object-Path: C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
Status: Visible

Object-Type: Process
Object-Name: rundll32.exe
Pid: 1724
Object-Path: C:\WINDOWS\system32\rundll32.exe
Status: Visible

Object-Type: Process
Object-Name: SynTPLpr.exe
Pid: 964
Object-Path: C:\Programme\Synaptics\SynTP\SynTPLpr.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 984
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: ctfmon.exe
Pid: 2012
Object-Path: C:\WINDOWS\system32\ctfmon.exe
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 484
Object-Path: C:\WINDOWS\system32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: acrotray.exe
Pid: 1768
Object-Path: D:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1516
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

taktiker0815 13.03.2007 21:14

Hello trott!!

I ran the scan!

It didn't find anything!!

taktiker0815 13.03.2007 21:17

03/13/07 20:47:27 [Info]: BlackLight Engine 1.0.55 initialized
03/13/07 20:47:27 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/13/07 20:47:27 [Note]: 7019 4
03/13/07 20:47:27 [Note]: 7005 0
03/13/07 20:47:35 [Note]: 7006 0
03/13/07 20:47:35 [Note]: 7011 1916
03/13/07 20:47:35 [Note]: 7026 0
03/13/07 20:47:35 [Note]: 7026 0
03/13/07 20:47:54 [Note]: FSRAW library version 1.7.1021
03/13/07 21:04:22 [Note]: 7006 0
03/13/07 21:04:22 [Note]: 7011 1916
03/13/07 21:04:23 [Note]: 7026 0
03/13/07 21:04:23 [Note]: 7026 0
03/13/07 21:04:26 [Note]: FSRAW library version 1.7.1021
03/13/07 21:11:20 [Note]: 2000 1012
03/13/07 21:11:20 [Note]: 2000 1012
03/13/07 21:12:37 [Note]: 7007 0

trott 13.03.2007 21:24

Well, I'm not that familiar with this McAfee tool, but it also seems to be unremarkable. Have you ever had a virus or something similar on the machine?
Otherwise you could run a repair using the Windows XP boot CD. Just google for instructions.
Since a few system files do seem to be missing or gone on your system!
Report back!

Regards


All times are WET +1. The time is now 23:50.
