sysmgr64.exe




sysmgr64.exe, WINDOWS\lsass.exe, wiaadmgr.exe, nvsvc32.exe


C:\WINDOWS\lsass.exe
C:\windows\system32\wiaadmgr.exe
C:\WINDOWS\System32\nvsvc32.exe

Next: HijackThis

O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\ddayy.dll
O4 - HKLM\..\Run: [MSPP System Update 64] C:\windows\system32\wiaadmgr.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] ntsys32.exe
O23 - Service: sysmgr64 - Unknown owner - C:\WINDOWS\sysmgr64.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe

Unknown Service
Service Name: lsass
Display Name: Local Security Authority Subsystem Service
Start Mode: Auto
Start Name: LocalSystem
Description: Microsoft Path Finder Service Displays Internet Routing ...
Service Type: Own Process
Path: "c:\windows\lsass.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service
Service Name: sysmgr64
Display Name: sysmgr64
Start Mode: Auto
Start Name: LocalSystem
Description: Windows 64bit System ...
Service Type: Own Process

Path: "c:\windows\sysmgr64.exe" -->> Backdoor.SdBot.xd

State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

C:\WINDOWS\system32\eraseme_84567.exe -> Backdoor.SdBot.xd

Next: apply Datfindbat

Verzeichnis von C:\WINDOWS\system32
24.11.2005 18:34 605 yyadd.ini
24.11.2005 18:30 40.996 nvapps.xml
24.11.2005 18:30 236.550 guard.tmp -> l2mfix (apply option 2)
24.11.2005 16:25 236.550 oJkley.dll
24.11.2005 16:25 233.838 en8ml1l11.dll
24.11.2005 16:08 236.550 f8j2li1o18.dll
24.11.2005 13:29 237.140 k808lidu1808.dll
23.11.2005 15:15 236.932 p48qlel51hq.dll
23.11.2005 15:15 235.348 n0l8la3u1d.dll
20.11.2005 19:13 234.644 irp6l57s1.dll
20.11.2005 15:26 234.644 gp00l3dm1.dll
20.11.2005 01:28 235.890 p68q0gl5e6q.dll
19.11.2005 15:39 235.890 nant4cpl.dll
18.11.2005 21:57 70 i -->> W32/Sdbot.ftp -->> C:\WINDOWS\SYSTEM32\i
18.11.2005 15:48 235.405 dn6s01j7e.dll
18.11.2005 15:00 235.330 q6860glse6q60.dll
17.11.2005 22:24 236.099 irn4l55q1.dll
17.11.2005 17:58 236.472 m828lifu1828.dll
17.11.2005 00:36 236.217 u4rule991h.dll
16.11.2005 19:39 234.223 wsnmm.dll
16.11.2005 12:51 234.223 wkn87em.dll
16.11.2005 02:18 234.037 k426lefs1h26.dll
15.11.2005 15:15 235.524 kt84l7lq1.dll
14.11.2005 05:36 233.993 d2j0lc1m1f.dll
12.11.2005 23:03 235.787 s4rsle971h.dll
11.11.2005 21:55 233.993 bjowser.dll
11.11.2005 19:33 47.616 ntdat32.exe
11.11.2005 16:33 235.956 sbdpsrv.dll
11.11.2005 05:25 0 TFTP872
11.11.2005 05:19 236.726 mvjql9151.dll
11.11.2005 05:19 235.207 hr4605hse.dll
11.11.2005 03:39 20.480 wiaadmgr.exe
11.11.2005 03:34 234.253 dpdiagn.dll
11.11.2005 03:31 2.175.616 TUKernel.exe
11.11.2005 01:50 234.272 TrnLib20.dll
09.11.2005 20:29 393 ehhkj.ini -> apply Vundofix
09.11.2005 14:36 544.788 jkhhe.dll
09.11.2005 14:36 544.788 ddayy.dll
07.11.2005 23:31 0 TFTP3704

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYSMGR64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysmgr64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SYSMGR64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sysmgr64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SYSMGR64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysmgr64]





