Hi guys. Sunday late night my PC got infected with some kind of malicious software while surfing. (Java was not up to date, because we had just come back from holidays.) AntiVir responded to something, but it was already too late. The PC rebooted by itself, and afterwards I couldn't access anything. The desktop was just some white Explorer-like window which stated that the connection to some site could not be established. Nothing else could be done. After searching a bit with my notebook, I tried some things in the hope of getting rid of the problem... which I kind of did, I'm just not sure if I was able to remove everything that has been infected. Hopefully you can help me here.
What did I do after I noticed the infection?
I used my notebook to search for a solution. Finally I created a Kaspersky Rescue Disk on a USB stick and used it to scan my system. Although it found some things and removed them, the problem still existed. I then booted Windows in safe mode, uninstalled many things I wasn't using anymore and by accident also found a so-called ja.exe in the autostart of Windows. I deleted it. After a reboot the problem was gone. I have installed some other kinds of anti-virus tools since then, and all of them find nothing suspicious at all. But I still wasn't sure if there is not something left over, so I started searching again. I stumbled across a tool called aswMBR and used it. I scanned my system with some of the programs also listed here on your site, created logs and tried to find something suspicious. But well, I finally do realize I don't know what the hell I'm actually looking for, let alone what to do to resolve any issues. I'm totally paranoid right now and kind of freaking out... help me please.
I read your 5-step Viruses/Spyware/Malware Preliminary Removal Instructions, I'm just not sure if it makes any sense to follow them now, since I already did so many things... so I'm just going to post the logs I created during my panic attack.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-03 16:46:35
-----------------------------
16:46:35.382 OS Version: Windows 6.1.7601 Service Pack 1
16:46:35.382 Number of processors: 4 586 0x402
16:46:35.382 ComputerName: STELLA-PC UserName: Stella
16:46:35.975 Initialize success
16:47:08.081 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
16:47:08.081 Disk 0 Vendor: AMD_____ 1.10 Size: 953805MB BusType: 8
16:47:08.081 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000061
16:47:08.097 Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 953869MB BusType: 8
16:47:08.097 Disk 0 MBR read successfully
16:47:08.112 Disk 0 MBR scan
16:47:08.112 Disk 0 Windows 7 default MBR code
16:47:08.128 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:47:08.144 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199900 MB offset 206848
16:47:08.159 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 753803 MB offset 409602048
16:47:08.159 Disk 0 scanning sectors +1953390592
16:47:08.190 Disk 0 scanning C:\Windows\system32\drivers
16:47:12.777 Service scanning
16:47:22.620 Modules scanning
16:47:28.798 Disk 0 trace - called modules:
16:47:28.814 ntkrnlpa.exe CLASSPNP.SYS disk.sys storport.sys halmacpi.dll amdsbs.sys
16:47:28.814 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d68a78]
16:47:28.814 3 CLASSPNP.SYS[8c1c959e] -> nt!IofCallDriver -> \Device\00000060[0x85d6bc68]
16:47:28.829 Scan finished successfully
16:48:09.342 Disk 0 MBR has been saved successfully to "D:\Eigene Dateien\Desktop\MBR.dat"
16:48:09.358 The log file has been saved successfully to "D:\Eigene Dateien\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-03 17:05:50
-----------------------------
17:05:50.278 OS Version: Windows 6.1.7601 Service Pack 1
17:05:50.278 Number of processors: 4 586 0x402
17:05:50.278 ComputerName: STELLA-PC UserName: Stella
17:06:03.834 Initialize success
17:06:08.974 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
17:06:08.974 Disk 0 Vendor: AMD_____ 1.10 Size: 953805MB BusType: 8
17:06:08.974 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000061
17:06:08.989 Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 953869MB BusType: 8
17:06:08.989 Disk 0 MBR read successfully
17:06:08.989 Disk 0 MBR scan
17:06:08.989 Disk 0 Windows 7 default MBR code
17:06:08.989 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:06:09.005 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199900 MB offset 206848
17:06:09.021 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 753803 MB offset 409602048
17:06:09.021 Disk 0 scanning sectors +1953390592
17:06:09.052 Disk 0 scanning C:\Windows\system32\drivers
17:06:13.420 Service scanning
17:06:22.983 Modules scanning
17:06:32.951 Disk 0 trace - called modules:
17:06:32.967 ntkrnlpa.exe CLASSPNP.SYS disk.sys storport.sys halmacpi.dll amdsbs.sys nvlddmkm.sys dxgkrnl.sys dxgmms1.sys
17:06:32.967 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d66030]
17:06:32.982 3 CLASSPNP.SYS[8c1bf59e] -> nt!IofCallDriver -> \Device\00000060[0x866698f0]
17:06:32.982 Scan finished successfully
17:06:46.920 Verifying
17:06:56.951 Disk 0 Windows 601 MBR fixed successfully
17:07:06.935 Disk 0 MBR has been saved successfully to "D:\Eigene Dateien\Desktop\MBR.dat"
17:07:06.951 The log file has been saved successfully to "D:\Eigene Dateien\Desktop\aswMBR1.txt"
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-03 21:44:47
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000060 AMD_____ rev.1.10
Running: eckchk3u.exe; Driver: C:\Users\Stella\AppData\Local\Temp\pwdiqpod.sys
---- System - GMER 1.0.15 ----
SSDT 927E02F6 ZwCreateSection
SSDT 927E0300 ZwRequestWaitReplyPort
SSDT 927E02FB ZwSetContextThread
SSDT 927E0305 ZwSetSecurityObject
SSDT 927E030A ZwSystemDebugControl
SSDT 927E0297 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 836853C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 836BED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 836C5EAC 4 Bytes [F6, 02, 7E, 92] {TEST BYTE [EDX], 0x7e; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 836C6208 4 Bytes [00, 03, 7E, 92] {ADD [EBX], AL; JLE 0xffffffffffffff96}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 836C624C 4 Bytes [FB, 02, 7E, 92] {STI ; ADD BH, [ESI-0x6e]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 836C62C8 4 Bytes [05, 03, 7E, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 836C631C 4 Bytes [0A, 03, 7E, 92] {OR AL, [EBX]; JLE 0xffffffffffffff96}
.text ...
? System32\drivers\afhnhk.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\Users\Stella\AppData\Local\Temp\aswMBR.sys Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\services\LanmanServer\Linkage@Bind ????????????????t???????????????? ?????????????????????-????????????????????? ?????????????????????1??L????????? ???????????? ?????????????????????1????????????&???????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????????????usb\class_08&subclass_06&prot_50????usb.inf???????&?????????p ????N????????????D????????????????????????? ?????????????????????1????????????????????????????????? ?????????????????????1????????????????????????????? ?????s?6??????????????????????????????? ?????????????????????1????????????????????????????????????????? ?????????????????????1??????????????????????N?????????????????????????????????????????????? ?????????????????????1????????????&???????????????????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????{4d36e967-e325-11ce-bfc1-08002be10318}\0010?????????????? ?????????????????????1????????????????????????????????? ?????????????????????1?????????????????????I?I?I?I?I?
Reg HKLM\SYSTEM\ControlSet001\services\LanmanServer\Linkage@Route ????????\??\USB#VID_0830&PID_8002#1d479af1d22cef66f1b0674bda41b52f02acd63c#{a5dcbf10-6530-11d2-901f-00c04fb951ed}f??usb.inf:Generic.Section.NTx86:Composite.Dev:6.1.7601.17514:usb\composite????? ?????????????????????1????????????????????? ?????????????????????1????????????????????????????@usb.inf,%generic.mfg%;(Standard-USB-Hostcontroller)????RDPDR???????????monitor.inf?????hid_device??Im??????????t???????????????????????????? x?????????????????{36fc9e60-c465-11cf-8056-444553540000}\0022??????????????????????????9??????{4d36e967-e325-11ce-bfc1-08002be10318}\0001??????????????????????t??????t???????????????????????????????????????$???4????? ??????? ??????????????????????????????????????????????????????? ??????????? ??????????? ??????????????????;?;???;?;?;???????;?;?;?;???;???;?????;?;???????4?4)/?????;?;??**?????;???4???? ??;????H????????;?;?;?;??? ???????? ????;???;?;???;?;??Y????4???????;?????;Y??4????????$???4????? ??????? ??????????????????????????????????????????????????????? ??????????? ??????????? ????
Reg HKLM\SYSTEM\ControlSet001\services\LanmanServer\Linkage@Export ????????{d4dd8694-6edb-55f6-8e47-bd15c13787fc}?-10???????????s?????ssb???????????p???p????N?????????????????{4d36e967-e325-11ce-bfc1-08002be10318}????????X?????????????{4d36e967-e325-11ce-bfc1-08002be10318}\0005??e???? ??????d???e????????`??????w?g?w??@disk.inf,%genmanufacturer%;(Standardlaufwerke)?ic??????????????????.NT???????D?????????????????BUFFALO USB Flash Disk USB Device???????????????????????????ic??? ???????g??????????? ??????????????:\??? 4??????D??????????USBSTOR\Disk?USBSTOR\RAW??????N??????2?????Dtc??? ?????????????????????-??.???????????????????sd73??? ?????????????????????-?????????????????????????n??? ?????????????????????-????????N?????????????N??????0??????{03d25b69-c4c9-11df-aa8d-b1fa34548778}?? ???? ?????????????????????-?????????????????f??????????????????????????????????usb\class_08&subclass_06&prot_50??????N???????????D???????N??????4??????????????????????????? ???????;?????????????,????????????&????????????????????}??????????????????????????????????? \?????????????????????????????s??
Reg HKLM\SYSTEM\ControlSet001\services\LanmanWorkstation\Linkage@Bind ????????????????? ?????????????????????1????????????&???????????????????????????????????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????$??????????????????????????????????????????????????????????????????????????????????????? ?????????????????????1????????????????????? ?????? ??????????????1??????????????????????,???????????????????????????????????x?????? ?????????????????????1????????????????????????????????????????? ?????????????????????1????????:???????????????????????????????????????????????????????????????????????????????????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????$??????????????????????????????machine.inf?????????????????????? ?????????????????????1?????????????????????????????????????????y??????s???? ?????????????????????1????????0?????????????:???????????h?????system32\DRIVERS\netbios.sys????????????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????:?
Reg HKLM\SYSTEM\ControlSet001\services\LanmanWorkstation\Linkage@Route ?????|??????????t????????????B??????????????????????????? ???????????????????????????????.??op??????????????????????????USB\VID_0830&PID_8002&REV_0316&MI_01?USB\VID_0830&PID_8002&MI_01?????????:??t?????????????????????????????????????????2??????????????????????????????????????????1???????????????????"?????s67??????????.NT??????????????????????????????????????????????????????????:???????????????????????t??????????????????????USB\Class_ff&SubClass_47&Prot_11?USB\Class_ff&SubClass_47?USB\Class_ff??11??USB\VID_1130&PID_0001&REV_0100?USB\VID_1130&PID_0001????????????????????????? `??????????????????????????I??A???????$???4????? ??????? ??????????????????????????????????????????????????????? ??????????? ??????????? ??????????????????????????????????????????????????????????????????1?1)/??????????**?????????1???? ???????H??????????????????:???????? ????1???????????????1?????1???????1?????????????????????????????????????n??ts????????????b????????????e????????????????????????????????????6.1.7601.17514?0.1??6to4mp.ndi?
Reg HKLM\SYSTEM\ControlSet001\services\LanmanWorkstation\Linkage@Export ??P?4m??????????????????????????????????6.1.7600.16385??????? ??????????????????????????????????????.NT?.N???????????????????????????????????????????D??? ????D??????????????????8??????????????s???????????????????????????? ???????????????????????????????????????????????8???8??????$???4????? ??????? ??????????????????????????????????????????????????????? ??????????? ??????????? ??????????????????G?G???G?G?G???????G?G?G?G???G???G?????G?G???????9?9)/?????G?G??**?????G???9???? ??G????H????????G?G?G?G???????????? ????G???G?G???G?G??Y????9???????G?????GY??9????{4d36e96e-e325-11ce-bfc1-08002be10318}\0012??????????????????????????????s??t.???????????x??\????????????????/??????????????????????????????????????????hidserv.inf?????????????????????????os??????????????????????????????????6???????????????????????????????????????????????????????????????????????????cdrom_install???????????????????????????????? ??????????????????????????? ???3??Nicht-PnP-Monitor (Standard)????PnP-Monitor (Standard)?????????????????????????????
---- EOF - GMER 1.0.15 ----
Hopefully you can help me. Sorry for my English, it's not my native language. Thanks for any help in advance.
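A small triage helper, added here as an example and not part of the original post or of the aswMBR/GMER tools: it parses the two kinds of log posted above and pulls out the facts a helper on this forum would look at first. From the aswMBR log it reads the MBR code status, the partition table and the "MBR fixed" event, then checks that exactly one partition is marked active, that partitions do not overlap, and that the sector where the unallocated tail begins matches the "scanning sectors +N" line (it assumes 512-byte sectors, so 1 MB = 2048 sectors). From the GMER log it lists the SSDT entries, the patched kernel code sections and the driver files GMER could not find on disk. The embedded log excerpts are copied from the post; the parser only reports them and does not decide whether any entry is malicious, because the log does not name the module that owns the SSDT addresses.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SECTORS_PER_MB = 2048  # assumption: 512-byte sectors, the unit aswMBR uses for offsets

# Constructed sample input: excerpts of the aswMBR and GMER logs from the post above.
ASWMBR_LOG = """
17:06:08.989 Disk 0 MBR read successfully
17:06:08.989 Disk 0 MBR scan
17:06:08.989 Disk 0 Windows 7 default MBR code
17:06:08.989 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:06:09.005 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199900 MB offset 206848
17:06:09.021 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 753803 MB offset 409602048
17:06:09.021 Disk 0 scanning sectors +1953390592
17:06:56.951 Disk 0 Windows 601 MBR fixed successfully
"""

GMER_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT 927E02F6 ZwCreateSection
SSDT 927E0300 ZwRequestWaitReplyPort
SSDT 927E02FB ZwSetContextThread
SSDT 927E0305 ZwSetSecurityObject
SSDT 927E030A ZwSystemDebugControl
SSDT 927E0297 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 836853C9 1 Byte [06]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 836C5EAC 4 Bytes [F6, 02, 7E, 92] {TEST BYTE [EDX], 0x7e; XCHG EDX, EAX}
? System32\drivers\afhnhk.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\Users\Stella\AppData\Local\Temp\aswMBR.sys Das System kann die angegebene Datei nicht finden. !
"""

PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<idx>\d+) (?P<boot>[0-9A-F]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-F]{2}) \S+ \S+ (?P<size_mb>\d+) MB offset (?P<offset>\d+)")
MBR_CODE_RE = re.compile(r"Disk \d+ (.+ MBR code)$")
TAIL_RE = re.compile(r"scanning sectors \+(\d+)")
SSDT_RE = re.compile(r"^SSDT ([0-9A-F]{8}) (\w+)")
TEXT_RE = re.compile(r"^\.text (\S+) \+ ([0-9A-F]+) ([0-9A-F]{8}) (\d+) Bytes?")
MISSING_RE = re.compile(r"^\? (\S+) ")


@dataclass
class Partition:
    index: int
    active: bool      # boot indicator 0x80 in the MBR partition entry
    type_id: str      # partition type byte, 07 = NTFS/HPFS
    size_mb: int
    offset: int       # first sector

    @property
    def end_sector(self) -> int:
        return self.offset + self.size_mb * SECTORS_PER_MB


@dataclass
class MbrReport:
    mbr_code: Optional[str]
    partitions: List[Partition]
    scan_tail_start: Optional[int]   # value of the "scanning sectors +N" line
    mbr_fixed: bool                  # aswMBR rewrote the boot code


def parse_aswmbr(text: str) -> MbrReport:
    report = MbrReport(None, [], None, False)
    for line in text.splitlines():
        if (m := PART_RE.search(line)):
            report.partitions.append(Partition(
                int(m["idx"]), m["boot"] == "80", m["type"],
                int(m["size_mb"]), int(m["offset"])))
        elif (m := MBR_CODE_RE.search(line)):
            report.mbr_code = m.group(1)
        elif (m := TAIL_RE.search(line)):
            report.scan_tail_start = int(m.group(1))
        elif "MBR fixed successfully" in line:
            report.mbr_fixed = True
    return report


def check_layout(parts: List[Partition]) -> List[str]:
    """Return a list of inconsistencies in the partition table (empty = consistent)."""
    issues = []
    active = [p.index for p in parts if p.active]
    if len(active) != 1:
        issues.append(f"expected exactly one active partition, found {active}")
    ordered = sorted(parts, key=lambda p: p.offset)
    for a, b in zip(ordered, ordered[1:]):
        if a.end_sector > b.offset:
            issues.append(f"partition {a.index} overlaps partition {b.index}")
    return issues


def unallocated_start(parts: List[Partition]) -> int:
    """First sector after the last partition; aswMBR scans from here for hidden data."""
    return max(p.end_sector for p in parts)


def parse_gmer(text: str) -> Dict[str, list]:
    out = {"ssdt_hooks": [], "kernel_patches": [], "missing_files": []}
    for line in text.splitlines():
        if (m := SSDT_RE.match(line)):
            out["ssdt_hooks"].append((m.group(1), m.group(2)))
        elif (m := TEXT_RE.match(line)):
            out["kernel_patches"].append((m.group(1), m.group(3), int(m.group(4))))
        elif (m := MISSING_RE.match(line)):
            out["missing_files"].append(m.group(1))
    return out


if __name__ == "__main__":
    rep = parse_aswmbr(ASWMBR_LOG)
    print("MBR code:", rep.mbr_code, "| rewritten by aswMBR:", rep.mbr_fixed)
    for p in rep.partitions:
        print(f"  partition {p.index}: active={p.active} type={p.type_id} "
              f"{p.size_mb} MB sectors {p.offset}-{p.end_sector}")
    print("layout issues:", check_layout(rep.partitions) or "none")
    print("tail starts at", unallocated_start(rep.partitions),
          "(log says", rep.scan_tail_start, ")")
    g = parse_gmer(GMER_LOG)
    print("SSDT entries:", len(g["ssdt_hooks"]), "| kernel patches:", len(g["kernel_patches"]))
    print("driver files not found on disk:", g["missing_files"])
```

On the posted log the three partitions are contiguous (each ends exactly where the next begins) and the computed tail start equals the sector aswMBR reports scanning from, so the partition table itself is consistent; the entry worth following up is the driver path GMER could not resolve, since a service or device registration pointing at a file that no longer exists is a common leftover after a removal.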