win7, Darstellungsfehler System relevanter Fenster/Programme, Bluescreens
Hi,
bitte um Hilfe.
Mein System stellt bestimmte, meist systemrelevante Fenster wie Taskmanager oder "msconfig" nicht mehr korrekt dar. Auch Programme wie Kaspersky oder OTL ist die Benutzeroberfläche nicht mehr benutzbar. Zu dem verursachen Anwendungen wie Thunderbird und Firefox Bluescreens.
Vielen Dank schon mal im Voraus.
msinfo32: Code:
Betriebssystemname Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601
Zus‰tzliche Betriebssystembeschreibung Nicht verf¸gbar
Betriebssystemhersteller Microsoft Corporation
Systemname ***
Systemhersteller SAMSUNG ELECTRONICS CO., LTD.
Systemmodell R519/R719
Systemtyp X86-basierter PC
Prozessor Pentium(R) Dual-Core CPU T4300 @ 2.10GHz, 2100 MHz, 2 Kern(e), 2 logische(r) Prozessor(en)
BIOS-Version/-Datum Phoenix Technologies Ltd. 06CI.M050.20090917.JIP, 17.09.2009
SMBIOS-Version 2.5
Windows-Verzeichnis C:\windows
Systemverzeichnis C:\windows\system32
Startger‰t \Device\HarddiskVolume2
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "6.1.7601.17514"
Benutzername ***-PC\***
Zeitzone Mitteleurop‰ische Sommerzeit
Installierter physikalischer Speicher (RAM) 4,00 GB
Gesamter realer Speicher 2,96 GB
Verf¸gbarer realer Speicher 2,15 GB
Gesamter virtueller Speicher 5,93 GB
Verf¸gbarer virtueller Speicher 4,96 GB
Grˆfle der Auslagerungsdatei 2,96 GB
Auslagerungsdatei C:\pagefile.sys
Bluescreens1: Code:
win32k.sys
PAGE_FAULT_NONPAGE_AREA
0x00000050 (0xFF838000,0x000000001,0x98CD76E7)
Bluescreens2: Code:
win32k.sys
PAGE_FAULT_NONPAGE_AREA
0x00000050 (0xFF981000,0x000000001,0x978B76E7)
win32k.sys Adress 978B76E7 base at 97870000, DataStamp 4fb1abcc
OTL und hijackthis haben eine nicht benutzbare Oberfläche. Beide Programme besten aus leeren Flächen(wireframe ähnlich).
GMER: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-18 19:47:27
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O
Running: qsd6ym17.exe; Driver: C:\Users\***~1\AppData\Local\Temp\awlcypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x92833BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x9283552C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x92835782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x928359FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x92834450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x92834B32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x92834F3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x928345F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x92834E14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x928337D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x92834CD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x92833992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x9283506E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x92836CB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x928340EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x928341EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x92834D72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x928366A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x92837672]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x92834752]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x92836734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x92836D64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x92834FDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x928344D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x92834EAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x92833DD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x92836CDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x92835110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x92833CFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x92835C3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x9283707C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x928369CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x9283549A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x92835360]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x92836442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x92837554]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x9283486C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x9283430C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x92835CF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x9283682E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x928371BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x928372A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x928373C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x928365CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x92833F4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x92833EA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x92836F32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x9283402E]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 83054989 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830744E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 139F 8307B75C 4 Bytes [D0, 3B, 83, 92]
.text ntoskrnl.exe!KeRemoveQueueEx + 13C7 8307B784 8 Bytes [2C, 55, 83, 92, 82, 57, 83, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 140B 8307B7C8 4 Bytes [FC, 59, 83, 92]
.text ntoskrnl.exe!KeRemoveQueueEx + 1437 8307B7F4 4 Bytes [50, 44, 83, 92]
.text ntoskrnl.exe!KeRemoveQueueEx + 145B 8307B818 4 Bytes [32, 4B, 83, 92] {XOR CL, [EBX-0x7d]; XCHG EDX, EAX}
.text ...
.text autochk.exe 00281204 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text autochk.exe 0028120C 1 Byte [00]
.text autochk.exe 00281210 1 Byte [00]
.text autochk.exe 00281214 2 Bytes [00, 00] {ADD [EAX], AL}
.text autochk.exe 00281218 2 Bytes [00, 00] {ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1784] C:\windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1784] C:\windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[1784] USER32.dll!NotifyWinEvent + 6AE 7622D66C 4 Bytes [70, 11, 33, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3560] C:\windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3560] C:\windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3560] USER32.dll!NotifyWinEvent + 6AE 7622D66C 4 Bytes [70, 11, 33, 6D]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0xFA 0x1D 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x19 0xF1 0xD3 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x98 0xAC 0xD4 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0xFA 0x1D 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x19 0xF1 0xD3 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x98 0xAC 0xD4 0x5F ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
---- Files - GMER 1.0.15 ----
File C:\Windows\winsxs\x86_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_5b8b67785f3a2616\IMTCCFG.DLL (size mismatch) 171520/172032 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-o..achine-ui.resources_31bf3856ad364e35_6.1.7601.17514_de-de_f36d1ea54f29ec09\msoobeui.dll.mui (size mismatch) 26624/27136 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-oobe-machine-ui_31bf3856ad364e35_6.1.7601.17514_none_646298193ff2d1d5\msoobeui.dll (size mismatch) 1111040/1115136 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-oobe-machine_31bf3856ad364e35_6.1.7601.17514_none_0f85b4206173c24c\msoobe.exe (size mismatch) 67072/67584 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_adb0a342c60efa1a\RasMigPlugin.dll (size mismatch) 116736/172544 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_3433e83a0b8461a2\Setup.exe (size mismatch) 244224/245248 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_3433e83a0b8461a2\spprgrss.dll (size mismatch) 53760/54272 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_3433e83a0b8461a2\wdsutil.dll (size mismatch) 50688/51200 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_3433e83a0b8461a2\windeploy.exe (size mismatch) 96256/96768 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_3433e83a0b8461a2\WinLGDep.dll (size mismatch) 52736/53248 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_3433e83a0b8461a2\winsetup.dll (size mismatch) 1794048/1795584 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-w..-installer-provider_31bf3856ad364e35_6.1.7601.17514_none_2c90813538733827\msiprov.dll (size mismatch) 311808/311296 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.1.7601.17514_none_fd50bd45d7febcf3\fastprox.dll (size mismatch) 605696/606208 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_126a2876e9a722d2\WmiPrvSD.dll (size mismatch) 515584/517120 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_126a2876e9a722d2\WmiPrvSE.exe (size mismatch) 254976/257536 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_6.1.7601.17514_none_e3c71ccf3513c780\wbemcore.dll (size mismatch) 776192/780288 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-ds-provider_31bf3856ad364e35_6.1.7601.17514_none_8af0a42f3093a384\dsprov.dll (size mismatch) 130560/130048 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-ntevent-provider_31bf3856ad364e35_6.1.7601.17514_none_f2610a3c0b1c7d97\ntevt.dll (size mismatch) 175616/175104 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-tools.resources_31bf3856ad364e35_6.1.7601.17514_de-de_a08d9a5493d84f4e\wbemtest.exe.mui (size mismatch) 25600/26112 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-rasapi_31bf3856ad364e35_6.1.7601.17514_none_6f3ee955adc74b87\pbkmigr.dll (size mismatch) 47104/67584 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-w..ovider-cimwin32-dll_31bf3856ad364e35_6.1.7601.17514_none_d1b25b1c6451e490\cimwin32.dll (size mismatch) 1340416/1341952 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-aero_31bf3856ad364e35_6.1.7601.17514_none_adea7b7677abaf54\aero.msstyles (size mismatch) 1187984/1171088 bytes executable
---- EOF - GMER 1.0.15 ----
aswMBR: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-18 22:39:32
-----------------------------
22:39:32.728 OS Version: Windows 6.1.7601 Service Pack 1
22:39:32.728 Number of processors: 2 586 0x170A
22:39:32.728 ComputerName: ***-PC UserName: ***
22:40:02.071 Initialize success
22:46:20.435 AVAST engine defs: 12061801
22:47:04.021 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:47:04.021 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
22:47:04.037 Disk 0 MBR read successfully
22:47:04.052 Disk 0 MBR scan
22:47:04.052 Disk 0 unknown MBR code
22:47:04.052 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
22:47:04.068 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
22:47:04.083 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 144890 MB offset 31664128
22:47:04.115 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 144893 MB offset 328398848
22:47:04.115 Disk 0 scanning sectors +625139712
22:47:04.177 Disk 0 scanning C:\windows\system32\drivers
22:47:12.866 Service scanning
22:47:36.157 Modules scanning
22:47:44.316 Disk 0 trace - called modules:
22:47:44.331 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
22:47:44.347 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8618f258]
22:47:44.347 3 CLASSPNP.SYS[8b7a459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84a86028]
22:47:44.893 AVAST engine scan C:\
23:38:29.129 Scan finished successfully
23:38:42.608 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
23:38:42.623 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR_full.txt"
Bluescreen3: Code:
BAD_POOL_HEADER
0x00000019 (0x00000020, 0xFFA83160, 0xFFA83190, 0x4A060001)
|
