flacor.dat Fehlermeldung (RUNDLL) bei Windows-Start - kritisch?

cosinus · 27.04.2011, 09:25

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

CLMarkus · 27.04.2011, 12:13

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-27 12:36:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3320820AS rev.3.AAC
Running: g2m3e4r.exe; Driver: C:\DOKUME~1\mr\LOKALE~1\Temp\fgtdypow.sys


---- System - GMER 1.0.15 ----

SSDT            F7C709AE                                                                                                 ZwCreateKey
SSDT            F7C709A4                                                                                                 ZwCreateThread
SSDT            F7C709B3                                                                                                 ZwDeleteKey
SSDT            F7C709BD                                                                                                 ZwDeleteValueKey
SSDT            F7C709C2                                                                                                 ZwLoadKey
SSDT            F7C70990                                                                                                 ZwOpenProcess
SSDT            F7C70995                                                                                                 ZwOpenThread
SSDT            F7C709CC                                                                                                 ZwReplaceKey
SSDT            F7C709C7                                                                                                 ZwRestoreKey
SSDT            F7C709B8                                                                                                 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                 section is writeable [0xF641A360, 0x3441C7, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@j!s!i!`!r!`!e!d!\30!\30!t!e!s!m!s!y!  71230

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:08:55 on 27.04.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"jpicpl32.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\jpicpl32.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"xhidcpl.cpl" - ? - C:\WINDOWS\system32\xhidcpl.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.4.10.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\CoFi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"fgtdypow" (fgtdypow) - ? - C:\DOKUME~1\mr\LOKALE~1\Temp\fgtdypow.sys  (Hidden registry entry, rootkit activity | File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\WINDOWS\System32\drivers\iviaspi.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Steganos Live Encryption Engine 15 [Driver]" (SLEE_15_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt " - C:\WINDOWS\system32\drivers\Sleen15.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\MSN Messenger\fsshext.8.0.0812.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\Wcesview.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{FAE0A3E0-3010-41BA-9DDC-A631394F047F} "SteganosShellExtension" - ? - C:\Programme\Steganos Safe Home\ShellExtension.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{15B782AF-55D8-11D1-B477-006097098764} "Macromedia Authorware Web Player Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\authorwa\awswax.ocx / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161001832152
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?LinkID=39204
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_08\bin\npjpi150_08.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Development Company, L.P." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"HP Photosmart Premier – Schnellstart.lnk" - "Hewlett-Packard Development Company, L.P." - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"VersionBackup.lnk" - "SB-AW" - C:\Programme\VersionBackup\VersionBackup.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\mr\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 2.0.lnk" - ? - C:\Programme\OpenOffice.org 2.0\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
"PhotoShow Deluxe Media Manager" - "Simple Star, Inc." - C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
"TVBroadcast" - "ODSoft multimedia" - C:\Programme\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard Development Company, L.P." - C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"InstantOn" - ? - "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "  (File not found)
"LanguageShortcut" - ? - "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe"
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"OpwareSE4" - "ScanSoft, Inc." - "C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SAFEHOME HotKeys" - ? - "C:\Programme\Steganos Safe Home\SteganosHotKeyService.exe"
"SetIcon" - ? - \Programme\SMSC\SetIcon.exe  (File not found)
"SSBkgdUpdate" - "Scansoft, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"TVEService" - "CyberLink Corp." - "C:\Programme\Home Cinema\TV Enhance\TVEService.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Messenger Sharing USN Journal Reader-Service" (usnsvc) - "Microsoft Corporation" - C:\Programme\MSN Messenger\usnsvc.dll
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe
"TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
"TVEnhance Task Scheduler (TTS))" (TVESched) - ? - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xF7A90000 \WINDOWS\system32\KDCOM.DLL
0xF79A0000 \WINDOWS\system32\BOOTVID.dll
0xF7460000 ACPI.sys
0xF7A92000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF744F000 pci.sys
0xF7590000 isapnp.sys
0xF75A0000 ohci1394.sys
0xF75B0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7B58000 pciide.sys
0xF7810000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A94000 viaide.sys
0xF75C0000 MountMgr.sys
0xF7430000 ftdisk.sys
0xF7A96000 dmload.sys
0xF740A000 dmio.sys
0xF7818000 PartMgr.sys
0xF7820000 videX32.sys
0xF75D0000 VolSnap.sys
0xF73F2000 atapi.sys
0xF75E0000 disk.sys
0xF75F0000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73D2000 fltmgr.sys
0xF73C0000 sr.sys
0xF7828000 xfilt.sys
0xF7600000 PxHelp20.sys
0xF73A9000 KSecDD.sys
0xF731C000 Ntfs.sys
0xF72EF000 NDIS.sys
0xF7610000 uagp35.sys
0xF72D5000 Mup.sys
0xF6B40000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF641A000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6406000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6B30000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7A84000 \SystemRoot\system32\drivers\iviaspi.sys
0xF7640000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7650000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF63E3000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7920000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF63BF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7928000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7660000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
0xF6397000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6289000 \SystemRoot\system32\DRIVERS\3xHybrid.sys
0xF72B1000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xF7930000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7670000 \SystemRoot\system32\DRIVERS\serial.sys
0xF72AD000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6275000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7680000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7938000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7940000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7ADC000 \SystemRoot\System32\Drivers\x10hid.sys
0xF7690000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
0xF7948000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
0xF7CC2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76A0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF72A9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF625E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76B0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76C0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7950000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7958000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7960000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6206000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76D0000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7ADE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF61A8000 \SystemRoot\system32\DRIVERS\update.sys
0xF7291000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF728D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7700000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7710000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AEA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF3C2C000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF3C08000 \SystemRoot\system32\drivers\portcls.sys
0xF7720000 \SystemRoot\system32\drivers\drmk.sys
0xF7AEE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B76000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AF0000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7980000 \SystemRoot\System32\drivers\vga.sys
0xF7AF2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AF4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7988000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7990000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6256000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3B85000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF7740000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF3B2C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF3B04000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF3ADE000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7750000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF3ABC000 \SystemRoot\System32\drivers\afd.sys
0xF7760000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7998000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF3AAA000 \??\C:\WINDOWS\system32\drivers\Sleen15.sys
0xF3A7F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF3A0F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7770000 \SystemRoot\System32\Drivers\Fips.SYS
0xF39E9000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7B04000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF399D000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF7870000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7878000 \SystemRoot\System32\Drivers\x10ufx2.sys
0xF6E5E000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF3985000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A9A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF61A4000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7888000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CA1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBA6D3000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF78F0000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xBA6C3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA44E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA3BD000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA275000 \SystemRoot\system32\DRIVERS\srv.sys
0xB9B5D000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA05A000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7B40000 \SystemRoot\system32\drivers\MSPQM.sys
0xBF593000 \SystemRoot\System32\ATMFD.DLL
0xF7918000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB9578000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF78A8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF78B8000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xB91E8000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xB9574000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xB8815000 \??\C:\DOKUME~1\mr\LOKALE~1\Temp\fgtdypow.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 63):
0 System Idle Process
4 System
420 C:\WINDOWS\system32\smss.exe
480 csrss.exe
504 C:\WINDOWS\system32\winlogon.exe
548 C:\WINDOWS\system32\services.exe
560 C:\WINDOWS\system32\lsass.exe
748 C:\WINDOWS\system32\svchost.exe
800 svchost.exe
868 C:\WINDOWS\system32\svchost.exe
964 svchost.exe
1096 svchost.exe
1184 C:\WINDOWS\system32\spoolsv.exe
1276 svchost.exe
1364 C:\WINDOWS\ehome\ehrecvr.exe
1380 C:\WINDOWS\ehome\ehSched.exe
1456 C:\WINDOWS\system32\svchost.exe
1504 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
1556 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
1696 C:\WINDOWS\system32\nvsvc32.exe
1772 C:\WINDOWS\system32\HPZipm12.exe
1828 C:\Programme\CyberLink\Shared Files\RichVideo.exe
1896 C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe
696 svchost.exe
852 C:\WINDOWS\system32\svchost.exe
916 C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
1056 C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
1352 C:\Programme\Common Files\X10\Common\X10nets.exe
1868 mcrdsvc.exe
2004 wmpnetwk.exe
2140 C:\Programme\Canon\CAL\CALMAIN.exe
2528 C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
2924 C:\WINDOWS\explorer.exe
3068 C:\WINDOWS\system32\dllhost.exe
3368 alg.exe
3736 C:\WINDOWS\ehome\ehtray.exe
3748 C:\WINDOWS\RTHDCPL.exe
3772 C:\WINDOWS\ehome\ehmsas.exe
3884 C:\WINDOWS\system32\rundll32.exe
3940 C:\Programme\SMSC\SetIcon.exe
4016 C:\Programme\Home Cinema\TV Enhance\TVEService.exe
356 C:\Programme\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
368 C:\Programme\Steganos Safe Home\SteganosHotKeyService.exe
1408 C:\WINDOWS\system32\rundll32.exe
2300 C:\Programme\HP\HP Software Update\hpwuSchd2.exe
2324 C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
2312 C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
2072 C:\Programme\Windows Media Player\wmpnscfg.exe
2124 C:\Programme\Microsoft ActiveSync\wcescomm.exe
2136 C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
2712 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
2992 C:\Programme\OpenOffice.org 2.0\program\soffice.exe
3076 C:\Programme\OpenOffice.org 2.0\program\soffice.bin
3140 C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
2892 C:\Programme\HP\Digital Imaging\bin\hpqste08.exe
4004 C:\Programme\Mozilla Firefox\firefox.exe
4068 C:\Programme\Mozilla Firefox\plugin-container.exe
2352 C:\Programme\Avira\AntiVir Desktop\avguard.exe
2336 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
4076 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
3680 C:\Programme\Avira\AntiVir Desktop\sched.exe
2620 C:\Dokumente und Einstellungen\mr\Desktop\osam_autorun_manager_5_0_portable\osam.exe
3400 C:\Dokumente und Einstellungen\mr\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000045`a3811400 (FAT32)
\\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST3320820AS, Rev: 3.AAC
PhysicalDrive1 Model Number: ST3500820AS, Rev: SD45

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 37A7DEC0F491D819C35BCE1B3E4CD6BC5576EDC4
465 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

flacor.dat Fehlermeldung (RUNDLL) bei Windows-Start - kritisch?

Log-Analyse und Auswertung: flacor.dat Fehlermeldung (RUNDLL) bei Windows-Start - kritisch?

flacor.dat Fehlermeldung (RUNDLL) bei Windows-Start - kritisch?

flacor.dat Fehlermeldung (RUNDLL) bei Windows-Start - kritisch?

Ähnliche Themen: flacor.dat Fehlermeldung (RUNDLL) bei Windows-Start - kritisch?