Command Service

R

Rasti

New member
Hallo,
wie bekomme ich die Meldung über Command Service weg, sie lassen sich nicht entfernen. Was ist das überhaupt ?
Ich benutze Spybot 1.4 mit dem neuesten Update


Command Service: Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

Command Service: Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService

Grüße Rainer
 
Hallo Raman, danke für die schnelle Antwort,
hier der Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:00:33, on 14.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
D:\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe
D:\Steganos Security Suite 2007\SteganosHotKeyService.exe
D:\Steganos Security Suite 2007\fredirstarter.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
D:\Schmaili88\schmaili.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\PrintKey2000\Printkey2000.exe
d:\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\drivers\crauto.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\drivers\IMountSRV.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
d:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\SatSrv.exe
d:\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
d:\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 O1 - Hosts: 127.255.255.255 images...]http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DA3D6D4-35F5-4DA1-9A8F-2C3B29E06BE7}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - d:\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - d:\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: crauto - Unknown owner - C:\WINDOWS\system32\drivers\crauto.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMountSRV - Unknown owner - C:\WINDOWS\system32\drivers\IMountSRV.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PMounter - Unknown owner - C:\Paragon FM\Ext2\PMounter.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - d:\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - d:\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steganos AntiTheft - Unknown owner - C:\WINDOWS\system32\\SatSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 
Last edited:
Das sieht im grossen und ganzen gut aus. Hast du schon versucht Spybot, die von ihm gefundenen Eintraege im abgesicherten Modus, loeschen zu lassen?

So wie es aussieht, sind das deaktivierte Serviceeintraege. Also nicht gefaehrlich, nur deaktivierte "Reste". Ich hake mal nach, warum Spybot die nicht loescht.

Du kannst deinen Rechner mal mit diesen Einstellungen deinen Rechner pruefen lassen: http://board.protecus.de/t23979.htm

Besuche auch www.windowsupdate.com , um dein Windows auf dem neusten Stand zu bringen...
 
ServiceFilter 1.1
by rand1038

Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 2
Feb 21, 2007 09:18:17


---> Begin Service Listing <---

Unknown Service # 1
Service Name: AntiVirScheduler
Display Name: AntiVir PersonalEdition Classic Planer
Start Mode: Auto
Start Name: LocalSystem
Description: Dienst zur Steuerung von AntiVir Prüfaufträgen und ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\sched.exe
State: Running
Process ID: 976
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 2
Service Name: AntiVirService
Display Name: AntiVir PersonalEdition Classic Guard
Start Mode: Auto
Start Name: LocalSystem
Description: Bietet permanente Schutz vor Viren und Malware mit der AntiVir ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\avguard.exe
State: Running
Process ID: 1128
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 3
Service Name: BthServ
Display Name: Bluetooth Support Service
Start Mode: Auto
Start Name: NT AUTHORITY\LocalService
Description: ...
Service Type: Share Process
Path: c:\windows\system32\svchost.exe -k bthsvcs
State: Running
Process ID: 1064
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 4
Service Name: CLCapSvc
Display Name: CyberLink Background Capture Service (CBCS)
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "d:\home cinema\powercinema\kernel\tv\clcapsvc.exe"
State: Running
Process ID: 1312
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 5
Service Name: CLSched
Display Name: CyberLink Task Scheduler (CTS)
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "d:\home cinema\powercinema\kernel\tv\clsched.exe"
State: Running
Process ID: 2136
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 6
Service Name: crauto
Display Name: crauto
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\drivers\crauto.exe
State: Running
Process ID: 1348
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 7
Service Name: CyberLink Media Library Service
Display Name: CyberLink Media Library Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\cyberlink\shared files\clml_ntservice\clmlserver.exe"
State: Running
Process ID: 1372
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr

Unknown Service # 8
Service Name: FirebirdServerMAGIXInstance
Display Name: Firebird Server - MAGIX Instance
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: d:\common\database\bin\fbserver.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 9
Service Name: gusvc
Display Name: Google Updater Service
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\google\common\google updater\googleupdaterservice.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 10
Service Name: hpqwmiex
Display Name: hpqwmiex
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\hewlett-packard\shared\hpqwmiex.exe
State: Running
Process ID: 788
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 11
Service Name: IDriverT
Display Name: InstallDriver Table Manager
Start Mode: Manual
Start Name: LocalSystem
Description: Provides support for the Running Object Table for InstallShield ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\installshield\driver\1050\intel 32\idrivert.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 12
Service Name: IMountSRV
Display Name: IMountSRV
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\drivers\imountsrv.exe
State: Running
Process ID: 1472
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 13
Service Name: LightScribeService
Display Name: LightScribeService Direct Disc Labeling Service
Start Mode: Auto
Start Name: LocalSystem
Description: Used by the LightScribe software components to support 3rd party disc labeling applications using ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\lightscribe\lssrvc.exe"
State: Running
Process ID: 1488
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 14
Service Name: NBService
Display Name: NBService
Start Mode: Manual
Start Name: LocalSystem
Description: Nero BackItUp Service is responsible to control all jobs created using Nero BackItUp. These jobs ...
Service Type: Own Process
Path: d:\nero 7\nero backitup\nbservice.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 15
Service Name: PMounter
Display Name: PMounter
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\paragon fm\ext2\pmounter.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 16
Service Name: RichVideo
Display Name: Cyberlink RichVideo Service(CRVS)
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\cyberlink\shared files\richvideo.exe"
State: Running
Process ID: 1564
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 17
Service Name: SandraDataSrv
Display Name: Sandra Data Service
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: d:\sisoftware sandra lite 2007\win32\rpcdatasrv.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 18
Service Name: SandraTheSrv
Display Name: Sandra Service
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: d:\sisoftware sandra lite 2007\rpcsandrasrv.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 19
Service Name: StarWindService
Display Name: StarWind iSCSI Service
Start Mode: Auto
Start Name: LocalSystem
Description: Enables network access to local devices via iSCSI ...
Service Type: Own Process
Path: d:\alcohol soft\alcohol 120\starwind\starwindservice.exe
State: Running
Process ID: 572
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 20
Service Name: Steganos AntiTheft
Display Name: Steganos AntiTheft
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\\satsrv.exe
State: Running
Process ID: 676
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #21
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{08fac9aa-0870-4035-86ac-e3466133c53e}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 22
Service Name: TUWinStylerThemeSvc
Display Name: TuneUp WinStyler Theme Service
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\tuneup utilities 2006\winstylerthemesvc.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 23
Service Name: usnjsvc
Display Name: Messenger USN Journal Reader-Service für freigegebene Ordner
Start Mode: Manual
Start Name: LocalSystem
Description: Ein von Messenger installierter Service, der Freigabeszenarien ...
Service Type: Own Process
Path: "c:\programme\msn messenger\usnsvc.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

---> End Service Listing <---

There are 100 Win32 services on this machine.
23 were unrecognized.

Script Execution Time: 0,84375 seconds.
 
Sonderbar. Du kannst die von Spybot gemeldeten Eintraege auch mit Hilfe von Regedit entfernen. Schau bitte, welche Dateien ueber den Serviceeintrag gestartet werden soll
 
auch mit Regedit lassen sich die Einträge nicht löschen

(cmdService kann nicht gelöscht werden:Fehler beim löschen des Schlüssels)
 
Was fuer Werte sind fuer den Schluessel eingetragen( rechtes Fenster von Regedit, oder exportiere den Schluessel, oeffne den exportierten Schluessel(.reg Datei) und poste den Inhalt hier.
 
You must log in or register to reply here.
Back
Top