Kein Zugriff mehr auf Partitionen

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-21 10:33:08
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 XLR8_PL120AB rev.346A13F0
Running: hki4wsli.exe; Driver: C:\Users\Hendrik\AppData\Local\Temp\pxldapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82A4DA49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82A874D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x93C13000, 0x391095, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000049         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-21 11:05:57
-----------------------------
11:05:57.402    OS Version: Windows 6.1.7601 Service Pack 1
11:05:57.402    Number of processors: 4 586 0x2A07
11:05:57.402    ComputerName: LOKI  UserName: 
11:06:00.803    Initialize success
11:13:45.120    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
11:13:45.120    Disk 0 Vendor: SAMSUNG_HD401LJ ZZ100-15 Size: 381553MB BusType: 11
11:13:45.120    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
11:13:45.120    Disk 1 Vendor: XLR8_PL120AB 346A13F0 Size: 114473MB BusType: 11
11:13:45.120    Disk 1 MBR read successfully
11:13:45.136    Disk 1 MBR scan
11:13:45.136    Disk 1 Windows 7 default MBR code
11:13:45.136    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
11:13:45.136    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       114371 MB offset 206848
11:13:45.136    Disk 1 scanning sectors +234438656
11:13:45.136    Disk 1 scanning C:\Windows\system32\drivers
11:13:45.916    Service scanning
11:13:46.602    Service MpKslfcd0f4aa c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FE11EB8-2468-4C9E-89A1-D70B796A6DA2}\MpKslfcd0f4aa.sys **LOCKED** 32
11:13:47.835    Modules scanning
11:13:49.847    Disk 1 trace - called modules:
11:13:49.847    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys 
11:13:49.847    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85a335d0]
11:13:49.863    3 CLASSPNP.SYS[8b19759e] -> nt!IofCallDriver -> [0x858dbc10]
11:13:49.863    5 ACPI.sys[8369c3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8553e908]
11:13:49.863    Scan finished successfully
11:14:19.440    Disk 1 MBR has been saved successfully to "C:\Users\Hendrik\Desktop\MBR.dat"
11:14:19.440    The log file has been saved successfully to "C:\Users\Hendrik\Desktop\aswMBR.txt"