GMER:
--
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-11 20:43:22
Windows 5.1.2600
Running: srxyfk95.exe; Driver: C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\fxlorpoc.sys


---- System - GMER 1.0.15 ----

SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwClose [0xF77F3BB8]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwCreateKey [0xF77F3B70]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF77E7C70]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF77E84FE]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF77F3CB0]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xF77F3B34]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xF77E851E]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xF77F3C06]
SSDT vax347b.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF77F3450]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [06]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 170 804FC688 4 Bytes [B8, 3B, 7F, F7]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 804FC6C8 4 Bytes [70, 3B, 7F, F7] {JO 0x3d; JG 0xfffffffffffffffb}
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1C0 804FC6D8 4 Bytes [70, 7C, 7E, F7] {JO 0x7e; JLE 0xfffffffffffffffb}
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 228 804FC740 4 Bytes [FE, 84, 7E, F7]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 230 804FC748 4 Bytes [B0, 3C, 7F, F7] {MOV AL, 0x3c; JG 0xfffffffffffffffb}
.text ...
? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. !
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF7916B8D]
.text C:\WINDOWS\System32\drivers\ACEDRV09.sys section is writeable [0xA8E81000, 0x3326E, 0xE8000020]
.pklstb C:\WINDOWS\System32\drivers\ACEDRV09.sys entry point in ".pklstb" section [0xA8EC6000]
.relo2 C:\WINDOWS\System32\drivers\ACEDRV09.sys unknown last section [0xA8EE2000, 0x8E, 0x42000040]
.text C:\WINDOWS\System32\DRIVERS\atksgt.sys section is writeable [0xA8CAB300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\System32\DRIVERS\lirsgt.sys section is writeable [0xF2984300, 0x1B7E, 0xE8000020]
pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xA8A67F00, 0x24000, 0x48000000]
? C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
? C:\cofi\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\System32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!SetScrollInfo 77D1466C 7 Bytes JMP 0254A68D C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!SetScrollRange 77D193E8 3 Bytes JMP 0254A6E3 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!SetScrollRange + 4 77D193EC 2 Bytes [8A, CC] {MOV CL, AH}
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!ShowScrollBar 77D2BE13 5 Bytes JMP 0254A711 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!GetScrollInfo 77D2C6AE 7 Bytes JMP 0254A615 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!GetScrollRange 77D2D6DF 6 Bytes JMP 0254A662 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!SetScrollPos 77D2D729 6 Bytes JMP 0254A6B8 C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!GetScrollPos 77D2D759 9 Bytes JMP 0254A63D C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Winamp\winamp.exe[1444] USER32.dll!EnableScrollBar 77D36C25 7 Bytes JMP 0254A5ED C:\Programme\Winamp\Plugins\gen_jumpex.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[6908] ntdll.dll!LdrLoadDll 77F46EA1 5 Bytes JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\PeerGuardian2\pg2.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C12F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\PeerGuardian2\pg2.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C12DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\PeerGuardian2\pg2.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C12D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\PeerGuardian2\pg2.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C12DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[1292] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00CB2BC8] C:\WINDOWS\System32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[1292] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [00CB2CE9] C:\WINDOWS\System32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Programme\Winamp\winamp.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Winamp\winamp.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Winamp\winamp.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Winamp\winamp.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT D:\Downloads\Programme\GMER Rootkit Scanner\srxyfk95.exe[2188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT D:\Downloads\Programme\GMER Rootkit Scanner\srxyfk95.exe[2188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT D:\Downloads\Programme\GMER Rootkit Scanner\srxyfk95.exe[2188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT D:\Downloads\Programme\GMER Rootkit Scanner\srxyfk95.exe[2188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[5284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008E2F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[5284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008E2DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[5284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008E2D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[5284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008E2DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\taskmgr.exe[5640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\taskmgr.exe[5640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\taskmgr.exe[5640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\taskmgr.exe[5640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\QIP\qip.exe[6608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F32F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\QIP\qip.exe[6608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F32DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\QIP\qip.exe[6608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F32D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\QIP\qip.exe[6608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F32DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Outlook Express\msimn.exe[6704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008A2F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Outlook Express\msimn.exe[6704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008A2DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Outlook Express\msimn.exe[6704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008A2D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Outlook Express\msimn.exe[6704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008A2DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Mozilla Firefox\firefox.exe[6908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01012F60] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Mozilla Firefox\firefox.exe[6908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01012DB0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Mozilla Firefox\firefox.exe[6908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01012D70] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Programme\Mozilla Firefox\firefox.exe[6908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01012DC0] C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8637E500
Device \Driver\Cdrom \Device\CdRom0 861C5228
Device \FileSystem\Rdbss \Device\FsWrap 85D7EAC0
Device \Driver\Cdrom \Device\CdRom1 861C5228
Device \Driver\Cdrom \Device\CdRom2 861C5228
Device \FileSystem\Srv \Device\LanmanServer 85F9DE38
Device \Driver\nvatabus \Device\NvAta0 85EECD68
Device \Driver\nvatabus \Device\0000007b 85EECD68
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86247910
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86247910
Device \Driver\nvatabus \Device\0000007c 85EECD68
Device \FileSystem\Npfs \Device\NamedPipe 85F94DD0
Device \Driver\nvatabus \Device\0000007d 85EECD68
Device \Driver\nvatabus \Device\0000007e 85EECD68
Device \FileSystem\Msfs \Device\Mailslot 85FB9BB8
Device \Driver\vax347s \Device\Scsi\vax347s1 85DE1A80
Device \Driver\vax347s \Device\Scsi\vax347s1Port0Path0Target0Lun0 85DE1A80
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 85DC1AC0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 85DC1AC0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 85DC1AC0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 85DC1AC0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 85DC1AC0
Device \FileSystem\Cdfs \Cdfs 85FA9C88

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120% (Trial Version)
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120% (Trial Version)

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Fxxxxxxx\Lokale Einstellungen\temp\fla1E.tmp 8336529 bytes
File C:\Dokumente und Einstellungen\Fxxxxxxx\Lokale Einstellungen\temp\plugtmp\plugin-crossdomain.xml 298 bytes

---- EOF - GMER 1.0.15 ----
--

OSAM:
---
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:51:04 on 11.05.2010

OS: Windows XP Professional (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\System32\lsdelete.exe (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl
"DIRECTX.CPL" - "Microsoft Corporation" - C:\WINDOWS\system32\DIRECTX.CPL
"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV09" (ACEDRV09) - "Protect Software GmbH" - C:\WINDOWS\System32\drivers\ACEDRV09.sys
"Asapi" (Asapi) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\drivers\Asapi.sys
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\System32\Drivers\CVPNDRVA.sys
"Cisco Systems VPN Adapter" (CVirtA) - "Cisco Systems, Inc." - C:\WINDOWS\System32\DRIVERS\CVirtA.sys
"Deterministic Network Enhancer Miniport" (DNE) - "Deterministic Networks, Inc." - C:\WINDOWS\System32\DRIVERS\dne2000.sys
"fxlorpoc" (fxlorpoc) - ? - C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\fxlorpoc.sys (Hidden registry entry, rootkit activity | File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"Logitech Kernel Audio Processing Filter Driver" (Lvckap) - "Logitech Inc." - C:\WINDOWS\system32\drivers\Lvckap.sys
"Logitech LVPrcMon Driver" (LVPrcMon) - "Logitech Inc." - C:\WINDOWS\system32\drivers\LVPrcMon.sys
"Logitech Machine Vision Engine Loader" (lvmvdrv) - "Logitech Inc." - C:\WINDOWS\system32\drivers\lvmvdrv.sys
"Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys
"Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys
"mbmiodrvr" (mbmiodrvr) - "cansoft@livewiredev.com" - C:\WINDOWS\System32\mbmiodrvr.sys
"mbr" (mbr) - ? - C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"NetworkX" (NetworkX) - ? - C:\WINDOWS\system32\ckldrv.sys (File found, but it contains no detailed information)
"Nokia USB Generic" (nmwcdc) - "Nokia" - C:\WINDOWS\System32\drivers\nmwcdc.sys
"Nokia USB Modem" (nmwcdcm) - "Nokia" - C:\WINDOWS\System32\drivers\nmwcdcm.sys
"Nokia USB Phone Parent" (nmwcd) - "Nokia" - C:\WINDOWS\System32\drivers\nmwcd.sys
"Nokia USB Port" (nmwcdcj) - "Nokia" - C:\WINDOWS\System32\drivers\nmwcdcj.sys
"OrangeWare USB 2.0 Root Hub Support" (ousb2hub) - "OrangeWare Corporation" - C:\WINDOWS\System32\DRIVERS\ousb2hub.sys
"OrangeWare USB Enhanced Host Controller Service" (ousbehci) - "OrangeWare Corporation" - C:\WINDOWS\System32\Drivers\ousbehci.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"pgfilter" (pgfilter) - ? - C:\Programme\PeerGuardian2\pgfilter.sys (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Secdrv" (Secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\WINDOWS\System32\DRIVERS\secdrv.sys
"Sony Ericsson Device 217 driver (WDM)" (s217bus) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s217bus.sys
"Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)" (s217nd5) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s217nd5.sys
"Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)" (s217unic) - "MCCI" - C:\WINDOWS\System32\DRIVERS\s217unic.sys
"Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)" (s217mgmt) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s217mgmt.sys
"Sony Ericsson Device 217 USB WMC Modem Driver" (s217mdm) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s217mdm.sys
"Sony Ericsson Device 217 USB WMC Modem Filter" (s217mdfl) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s217mdfl.sys
"Sony Ericsson Device 217 USB WMC OBEX Interface" (s217obex) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s217obex.sys
"Sony Ericsson Device 916 driver (WDM)" (s916bus) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s916bus.sys
"Sony Ericsson Device 916 USB WMC Modem Driver" (s916mdm) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s916mdm.sys
"Sony Ericsson Device 916 USB WMC Modem Filter" (s916mdfl) - "MCCI Corporation" - C:\WINDOWS\System32\DRIVERS\s916mdfl.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\WINDOWS\System32\Drivers\truecrypt.sys
"TSP" (TSP) - ? - C:\WINDOWS\system32\drivers\klif.sys (File not found)
"vax347b" (vax347b) - " " - C:\WINDOWS\System32\DRIVERS\vax347b.sys
"vax347s" (vax347s) - " " - C:\WINDOWS\System32\Drivers\vax347s.sys
"vsdatant" (vsdatant) - "Zone Labs, LLC" - C:\WINDOWS\System32\vsdatant.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\System32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\System32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\System32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - "Alcohol Soft Development Team" - C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll
{AC54FB61-7D59-49A9-BA7C-C36E084D547E} "Mp3/Tag Studio shell extension" - ? - (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\System32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\System32\dfshim.dll
{B8323370-FF27-11D2-97B6-204C4F4F5020} "SmartFTP Shell Extension DLL" - "SmartFTP" - C:\Programme\SmartFTP Client 2.0\smarthook.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "{FE063DB9-4EC0-403E-8DD8-394C54984B2C}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) /
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\System32\Macromed\Flash\Flash10b.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} "WUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\System32\wuweb.dll / hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253106379484
{33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}" - ? - (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"PeerGuardian.lnk" - "Methlabs" - C:\Programme\PeerGuardian2\pg2.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Fxxxxxxxxxx\Startmenü\Programme\Autostart\desktop.ini
"Rainlendar.lnk" - "Rainy" - C:\Programme\Rainlendar\Rainlendar.exe (Shortcut exists | File exists)
"Verknüpfung mit K9.lnk" - "KeirNet" - C:\Programme\k9v1\K9.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"TVgenial" - ? - C:\Programme\TVgenial\TVgenial.exe -d (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"MBM 5" - "Alex van Kaam" - "C:\Programme\Motherboard Monitor 5\MBM5.EXE"
"NVMixerTray" - "NVIDIA Corporation" - "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ad-Aware 2007 Service" (aawservice) - "Lavasoft AB" - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\System32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"CLCV0" (UTSCSI) - ? - C:\WINDOWS\System32\UTSCSI.EXE
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Logitech Process Monitor" (LVPrcSrv) - "Logitech Inc." - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
"Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) - "Microsoft Corporation" - C:\Programme\MSN Messenger\usnsvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\System32\PnkBstrA.exe (File found, but it contains no detailed information)
"wscsvc" (wscsvc) - ? - C:\WINDOWS\system32\wscsvc.dll (File not found)
"xmlprov" (xmlprov) - ? - C:\WINDOWS\System32\xmlprov.dll (File not found)

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\System32\Ati2evxx.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
---

Zitat:

"fxlorpoc" (fxlorpoc) - ? - C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\fxlorpoc.sys (Hidden registry entry, rootkit activity | File not found)

Bitte mit OSAM deaktivieren + löschen (delete from storage)

Schon gemacht, daher "File not Found" Denke damit ist alles behoben und wunderbar

Danke nochmal

Nein, das file not found kann durch was anderes kommen!! Hast Du das nun mit OSAM wie in der Anleitung beschrieben war, deaktiviert + gelöscht?

Ja, hab ich dann auch noch gemacht.

Ok. Dann mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

SuperAntiSpyware kann ich aufgrund irgendwelcher Probleme mit dem Windows-Installer-Dienst nicht installieren =/ Wird wohl wirklich Zeit für ein neues OS...

Malwarebytes hat auf jeden Fall nichts gefunden. Hier das Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4090

Windows 5.1.2600
Internet Explorer 6.0.2600.0000

12.05.2010 09:52:18
mbam-log-2010-05-12 (09-52-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 164726
Laufzeit: 31 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

---

Da auch alles wieder sauber läuft, denke ich, dass da nichts mehr ist. Danke nochmal

Nagut. Dann spiel jetzt unbedingt alle Updates ein! SP3 und IE8 sind Pflicht!

Danach nochmal manuell die Updates die nach dem SP3 erschienen sind prüfen. Halte Dich nach der SP3-Installation am besten hier dran:

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Danke
Windows-Updates sind bei meiner installierten Version von XP leider nicht drin Daher werd ich wohl zusehen, dass ich mir eine Studentenversion o.ä. von XP SP3 besorge oder doch einfach Win 7 installiere.

FoxIt läuft bei mir bereits als standard Reader. Der Acrobat Reader muss aber leider installiert sein, da ein anderes Programm (Dialogys, Renault-Werkstattprogramm) darauf aufbaut.


Danke noch einmal für die schnelle Hilfe!

Die Updates kannst Du auch für das Windows kostenlos herunterladen und installieren.

http://www.microsoft.com/downloads/d...DisplayLang=de

Aah, sehr gut. Danke System läuft jetzt als SP3. Sehr schön.
Danke nochmal für die tolle Hilfe.

PS: Haha - ich hab vorhin eine Mail vom T-Online Abuse-Team bekommen, dass mein Port 25 aufgrund extrem hoher Aktivität vorübergehend geblockt wird

Du hattest auch ein Rootkit drauf. An für sich empfiehlt man bei Befall eher ein format c: denn ist ist definitiv sicherer und der Dreck ist mit Garantie weg.