| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows Audio-Dienst nach zufälliger Zeit beendet; Windowsstil ändert sichWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.07.2009, 19:04
| #16 |
 |  Windows Audio-Dienst nach zufälliger Zeit beendet; Windowsstil ändert sich Drivers: Code:
ATTFilter ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/28 20:01
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF7667000 Size: 57344 File Visible: - Signed: -
Status: -
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7492000 Size: 188800 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA931D000 Size: 138112 File Visible: - Signed: -
Status: -
Name: amdk7.sys
Image Path: C:\WINDOWS\system32\DRIVERS\amdk7.sys
Address: 0xBA780000 Size: 41856 File Visible: - Signed: -
Status: -
Name: asliahmy.sys
Image Path: C:\DOKUME~1\Max\LOKALE~1\Temp\asliahmy.sys
Address: 0xA5E6C000 Size: 81664 File Visible: No Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF782A000 Size: 98304 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -
Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF056000 Size: 315392 File Visible: - Signed: -
Status: -
Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF012000 Size: 278528 File Visible: - Signed: -
Status: -
Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xB98DB000 Size: 2125824 File Visible: - Signed: -
Status: -
Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF0EF000 Size: 2678784 File Visible: - Signed: -
Status: -
Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBF0A3000 Size: 311296 File Visible: - Signed: -
Status: -
Name: atitray.sys
Image Path: C:\Programme\Ray Adams\ATI Tray Tools\atitray.sys
Address: 0xBA6E6000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBF37D000 Size: 1290240 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -
Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xB9CBF000 Size: 3072 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79B1000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBA790000 Size: 63744 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA760000 Size: 62976 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7637000 Size: 53248 File Visible: - Signed: -
Status: -
Name: cmudax3.sys
Image Path: C:\WINDOWS\system32\drivers\cmudax3.sys
Address: 0xB9B29000 Size: 1512960 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF7627000 Size: 36352 File Visible: - Signed: -
Status: -
Name: dmio.sys
Image Path: dmio.sys
Address: 0xF7842000 Size: 154112 File Visible: - Signed: -
Status: -
Name: dmload.sys
Image Path: dmload.sys
Address: 0xF798B000 Size: 5888 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA770000 Size: 61440 File Visible: - Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8A66000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79F1000 Size: 8192 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA93EF000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xB9FD6000 Size: 4096 File Visible: - Signed: -
Status: -
Name: el90Xbc5.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\el90Xbc5.SYS
Address: 0xA5E08000 Size: 66560 File Visible: - Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF76F7000 Size: 44672 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF7967000 Size: 129792 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79AF000 Size: 7936 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7868000 Size: 126336 File Visible: - Signed: -
Status: -
Name: gameenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Address: 0xBA504000 Size: 10624 File Visible: - Signed: -
Status: -
Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF77EF000 Size: 17152 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 131840 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF779F000 Size: 28672 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA6100000 Size: 264832 File Visible: - Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xB9E92000 Size: 52992 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA9197000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA93C0000 Size: 75264 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75F7000 Size: 37632 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF775F000 Size: 25216 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000 Size: 8192 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xB9AE2000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7950000 Size: 92288 File Visible: - Signed: -
Status: -
Name: L8042Kbd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
Address: 0xBA508000 Size: 13568 File Visible: - Signed: -
Status: -
Name: L8042mou.Sys
Image Path: C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
Address: 0xB9E82000 Size: 56448 File Visible: - Signed: -
Status: -
Name: LMouKE.Sys
Image Path: C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
Address: 0xB9857000 Size: 72448 File Visible: - Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF79B3000 Size: 4224 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF7757000 Size: 23552 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7607000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA91BD000 Size: 456576 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF77AF000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB9E42000 Size: 35072 File Visible: - Signed: -
Status: -
Name: msmpu401.sys
Image Path: C:\WINDOWS\system32\drivers\msmpu401.sys
Address: 0xB9CC0000 Size: 2944 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7927000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xBA746000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF7A22000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBA500000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA680A000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB9840000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xB9E12000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF76C7000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA933F000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF77B7000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7B52000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xB9FD7000 Size: 2944 File Visible: - Signed: -
Status: -
Name: nv_agp.sys
Image Path: nv_agp.sys
Address: 0xF789B000 Size: 13568 File Visible: - Signed: -
Status: -
Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF7657000 Size: 61696 File Visible: - Signed: -
Status: -
Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB9869000 Size: 80384 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF770F000 Size: 19712 File Visible: - Signed: -
Status: -
Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF79BD000 Size: 7040 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF7481000 Size: 68224 File Visible: - Signed: -
Status: -
Name: PCI_PNP9098
Image Path: \Driver\PCI_PNP9098
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7A4F000 Size: 3328 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7707000 Size: 28672 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB9B05000 Size: 147456 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB982F000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7777000 Size: 17792 File Visible: - Signed: -
Status: -
Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7647000 Size: 36320 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xBA712000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB9E72000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xB9E62000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB9E52000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF777F000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA922D000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79B5000 Size: 4224 File Visible: - Signed: -
Status: -
Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB97FF000 Size: 196224 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6010000 Size: 49152 File Visible: No Signed: -
Status: -
Name: SASDIFSV.SYS
Image Path: C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xF77BF000 Size: 24576 File Visible: - Signed: -
Status: -
Name: SASKUTIL.sys
Image Path: C:\Programme\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xA9258000 Size: 151552 File Visible: - Signed: -
Status: -
Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xF74C1000 Size: 98304 File Visible: - Signed: -
Status: -
Name: secdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Address: 0xA671E000 Size: 40960 File Visible: - Signed: -
Status: -
Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBA50C000 Size: 15744 File Visible: - Signed: -
Status: -
Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xB9EA2000 Size: 65536 File Visible: - Signed: -
Status: -
Name: sfdrv01.sys
Image Path: sfdrv01.sys
Address: 0xF7B40000 Size: 73728 File Visible: - Signed: -
Status: -
Name: sfhlp02.sys
Image Path: sfhlp02.sys
Address: 0xF771F000 Size: 32768 File Visible: - Signed: -
Status: -
Name: sfsync02.sys
Image Path: sfsync02.sys
Address: 0xF7717000 Size: 20544 File Visible: - Signed: -
Status: -
Name: sfvfs02.sys
Image Path: sfvfs02.sys
Address: 0xF7A0F000 Size: 77824 File Visible: - Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: spxc.sys
Image Path: spxc.sys
Address: 0xF74D9000 Size: 1036288 File Visible: No Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA651C000 Size: 334848 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF79A9000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA65DE000 Size: 60800 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA9367000 Size: 361344 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF7767000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB9E32000 Size: 40704 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB97A1000 Size: 384768 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF79AB000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF77E7000 Size: 30208 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB9E22000 Size: 59520 File Visible: - Signed: -
Status: -
Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xF77DF000 Size: 17152 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB9C9B000 Size: 147456 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF77A7000 Size: 20992 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB98C7000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7617000 Size: 53760 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF7471000 Size: 34560 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xA9463000 Size: 20480 File Visible: - Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA6507000 Size: 83072 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xF7989000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
|
|
28.07.2009, 19:05
| #17 |
| | Windows Audio-Dienst nach zufälliger Zeit beendet; Windowsstil ändert sich Stealth Objects:
__________________Code:
ATTFilter ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/28 20:01
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8a2aa1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a0ee1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a0ee1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a0ee1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a0ee1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a0ee1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a0ee1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a0ee1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a0ee1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a0ee1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a0ee1f8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a0ee1f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8a0f31f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8a0f31f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a0f31f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a0f31f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8a0f31f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a0f31f8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a0f31f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x8a0481f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x8a0481f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a0481f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a0481f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x8a0481f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a0481f8 Size: 121
Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x8a0481f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8a3181f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8a3181f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8a3181f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8a3181f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a3181f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3181f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3181f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a3181f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8a3181f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3181f8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8a3181f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8a2ac1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8a2ac1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8a2ac1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a2ac1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a2ac1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a2ac1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a2ac1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8a2ac1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8a2ac1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a2ac1f8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8a2ac1f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x89c021f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x89c021f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89c021f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89c021f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x89c021f8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x89c021f8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x89bde500 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ卆浩#, IRP_MJ_CREATE]
Process: System Address: 0x89f14500 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ卆浩#, IRP_MJ_CLOSE]
Process: System Address: 0x89f14500 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ卆浩#, IRP_MJ_READ]
Process: System Address: 0x89f14500 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ卆浩#, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89f14500 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ卆浩#, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89f14500 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ卆浩#, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89f14500 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ卆浩#, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89f14500 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ卆浩#, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89f14500 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ卆浩#, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89f14500 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ卆浩#, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89f14500 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ卆浩#, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89f14500 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ卆浩#, IRP_MJ_CLEANUP]
Process: System Address: 0x89f14500 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ卆浩#, IRP_MJ_PNP]
Process: System Address: 0x89f14500 Size: 121
Code:
ATTFilter ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/28 20:02
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================
Hidden Services
-------------------
Service Name: ovafog
Image Path%SystemRoot%\system32\svchost.exe -k netsvcs
|
|
29.07.2009, 09:03
| #18 |
| /// Helfer-Team    | Windows Audio-Dienst nach zufälliger Zeit beendet; Windowsstil ändert sich hi
__________________Was sind Rootkits? - Rootkit/Definition wie es aussieht, bleibt Dir eine komplette Neuinstallation nicht erspart! Den "Auslieferungszustand wiederherzustellen" bzw so dass Du zu 100% dein System vertrauen kannst, ist nur mit Neuinstallation jeweils eine Änderung der Passwort und Zugangsdaten möglich Wenn Du ganz sicher sein willst, dann würde Dich dazu raten |
|
29.07.2009, 13:21
| #19 |
| | Windows Audio-Dienst nach zufälliger Zeit beendet; Windowsstil ändert sich Werde ich dann wohl mal besser machen.  Danke für deine nette Hilfe. =) |
|
11.12.2009, 17:15
| #20 |
| |  Windows Audio-Dienst nach zufälliger Zeit beendet; Windowsstil ändert sich WINDOWS-AUDIODIENST AKTIVIEREN: Also erst: Verwaltung / Dienste / Dienst MULTIMEDIA-KLASSENPLANER aktivieren! Danach: 1 Dienste/ Windows-Audio -starten- 2 Anmelden/ "Dieses Konto" > Lokale Dienst -eintragen- 3 Passwörte: löschen! (Wichtig!) 4 ÜBERNEHMEN (Sonst keine Aenderung!) 5 Zurück zu Allgemein / STARTEN -klicken- Bei mir hat es funktioniert! Sound ist wieder da!  |
|
| Themen zu Windows Audio-Dienst nach zufälliger Zeit beendet; Windowsstil ändert sich |
| ad-aware, ad-watch, adobe, bho, browser, dll, explorer, firefox, google, hijackthis, hkus\s-1-5-18, icq, internet, internet explorer, logfile, microsoft, mozilla, neu, pdf, plug-in, problem, programme, rundll, software, system, taskleiste, windows, windows xp |
Linear-Darstellung
