Win7 - Bluescreen beim Einstecken USB Sticks

qfvision

Schraubenverwechsler(in)
Hey zusammen -

bin mit meinem Latein am Ende. Beim Einstecken von USB-Sticks gibt es immer einen Bluescreen.

Habt ihr einen Plan? Mit der Crash-Dump-Auswertung kann ich leider nichts anfangen... =(

Gruß
Alex



Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Harbour\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available


************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18247.amd64fre.win7sp1_gdr.130828-1532
Machine Name:
Kernel base = 0xfffff800`03015000 PsLoadedModuleList = 0xfffff800`032586d0
Debug session time: Mon Apr 21 10:32:12.581 2014 (UTC + 2:00)
System Uptime: 0 days 0:08:25.627
Loading Kernel Symbols
...............................................................
................................................................
......................................
Loading User Symbols

Loading unloaded module list
.............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 23, {e0107, fffff880033c32a8, fffff880033c2b00, fffff88000f8f079}

*** ERROR: Module load completed but symbols could not be loaded for MfeEpePc.sys
*** ERROR: Module load completed but symbols could not be loaded for MfeEpeOpal.sys
Probably caused by : partmgr.sys ( partmgr!PmGlobalDispatch+69 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

FAT_FILE_SYSTEM (23)
If you see FatExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000000e0107
Arg2: fffff880033c32a8
Arg3: fffff880033c2b00
Arg4: fffff88000f8f079

Debugging Details:
------------------


EXCEPTION_RECORD: fffff880033c32a8 -- (.exr 0xfffff880033c32a8)
ExceptionAddress: fffff88000f8f079 (partmgr!PmGlobalDispatch+0x0000000000000069)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000000
Attempt to read from address 0000000000000000

CONTEXT: fffff880033c2b00 -- (.cxr 0xfffff880033c2b00;r)
rax=0000000000000000 rbx=fffffa8009adca60 rcx=fffffa8005379b90
rdx=fffffa8009adca60 rsi=fffffa8009adcfb0 rdi=fffffa8005379ce0
rip=fffff88000f8f079 rsp=fffff880033c34e0 rbp=fffffa8005379ce0
r8=0000000000000003 r9=fffff88000f91560 r10=fffff6fb7dbf5000
r11=0000000000000000 r12=fffffa8005379ce0 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
partmgr!PmGlobalDispatch+0x69:
fffff880`00f8f079 48833800 cmp qword ptr [rax],0 ds:002b:00000000`00000000=????????????????
Last set context:
rax=0000000000000000 rbx=fffffa8009adca60 rcx=fffffa8005379b90
rdx=fffffa8009adca60 rsi=fffffa8009adcfb0 rdi=fffffa8005379ce0
rip=fffff88000f8f079 rsp=fffff880033c34e0 rbp=fffffa8005379ce0
r8=0000000000000003 r9=fffff88000f91560 r10=fffff6fb7dbf5000
r11=0000000000000000 r12=fffffa8005379ce0 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
partmgr!PmGlobalDispatch+0x69:
fffff880`00f8f079 48833800 cmp qword ptr [rax],0 ds:002b:00000000`00000000=????????????????
Resetting default scope

DEFAULT_BUCKET_ID: NULL_DEREFERENCE

PROCESS_NAME: System

CURRENT_IRQL: 0

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 0000000000000000

READ_ADDRESS: 0000000000000000

FOLLOWUP_IP:
partmgr!PmGlobalDispatch+69
fffff880`00f8f079 48833800 cmp qword ptr [rax],0

FAULTING_IP:
partmgr!PmGlobalDispatch+69
fffff880`00f8f079 48833800 cmp qword ptr [rax],0

BUGCHECK_STR: 0x23

ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre

LOCK_ADDRESS: fffff8000328ebe0 -- (!locks fffff8000328ebe0)

Resource @ nt!PiEngineLock (0xfffff8000328ebe0) Exclusively owned
Contention Count = 14
NumberOfExclusiveWaiters = 1
Threads: fffffa8003fd3b50-01<*>
Threads Waiting On Exclusive Access:
fffffa8003fd3660

1 total locks, 1 locks currently held

PNP_TRIAGE:
Lock address : 0xfffff8000328ebe0
Thread Count : 1
Thread address: 0xfffffa8003fd3b50
Thread wait : 0x7e9b

LAST_CONTROL_TRANSFER: from fffff88004a01d82 to fffff8000308abc0

STACK_TEXT:
fffff880`033c34e0 fffff800`033ab699 : fffffa80`05379b90 fffff880`033c3628 fffffa80`62747346 00000000`000007ff : partmgr!PmGlobalDispatch+0x69
fffff880`033c3510 fffff800`033ab5d6 : fffffa80`000003e6 fffffa80`0a061460 00000000`00000000 00000000`000007ff : nt!FstubReadSector+0x79
fffff880`033c3590 fffff800`033ab6f5 : fffffa80`05379ce0 fffffa80`05379ce0 fffff880`033c3628 fffffa80`05379ce0 : nt!FstubDetectPartitionStyle+0x22
fffff880`033c35c0 fffff880`00f91512 : fffffa80`05379ce0 fffffa80`0a2ad3e0 fffffa80`0a2ad3e0 fffffa80`0a061460 : nt!IoReadPartitionTableEx+0x2d
fffff880`033c35f0 fffff880`00f9d5a6 : fffffa80`0a2a5000 fffffa80`00000000 fffffa80`0a2a5040 fffffa80`0a2ad900 : partmgr!PmGetDriveLayoutEx+0x5d2
fffff880`033c36f0 fffff880`00f91d50 : 00000000`ef000000 fffffa80`0a2ad930 fffffa80`05379d48 fffffa80`05379b90 : partmgr!PmIoctlGetPartitionInfoEx+0xa6
fffff880`033c3740 fffff880`04a15512 : 00000000`00070048 00000000`00070048 fffff800`0328f9f0 fffffa80`054bf000 : partmgr! ?? ::FNODOBFM::`string'+0xbeb
fffff880`033c37a0 fffff880`04a2099d : 00000000`00000000 fffffa80`0a2fcef0 00000000`00000000 fffffa80`054bf0d0 : fastfat!FatPerformDevIoCtrl+0xa2
fffff880`033c3830 fffff880`04a207e7 : fffffa80`00000030 fffffa80`098dc010 fffffa80`0a8e75c0 00000000`00000000 : fastfat!FatMountVolume+0x181
fffff880`033c3a70 fffff880`04a20740 : fffffa80`04284830 fffffa80`04c8ae01 fffffa80`04c8ae01 00000000`00000001 : fastfat!FatCommonFileSystemControl+0x57
fffff880`033c3aa0 fffff880`0118450c : fffffa80`04b219b0 fffffa80`04284830 00000000`00000001 fffffa80`04c8ae30 : fastfat!FatFsdFileSystemControl+0xac
fffff880`033c3ae0 fffff880`0117f971 : fffffa80`06fcf6d0 00000000`00000000 fffffa80`0ad58040 fffffa80`04c8ae30 : fltmgr!FltpFsControlMountVolume+0x28c
fffff880`033c3bb0 fffff800`032f64af : fffffa80`06fcf6d0 00000000`00000000 fffffa80`06fcf6d0 fffffa80`04284830 : fltmgr!FltpFsControl+0x101
fffff880`033c3c10 fffff800`0347d596 : fffffa80`0ad0c790 fffffa80`0535de00 00000000`00000001 fffffa80`0535de00 : nt!IopMountVolume+0x28f
fffff880`033c3cd0 fffff880`00fd575f : 00000000`00000000 00000000`80000016 00000000`00000000 00000000`00000000 : nt!IoVerifyVolume+0x176
fffff880`033c3d60 fffff880`00fd57db : fffffa80`0ad0c790 00000000`00000000 00000000`00000000 00000000`002d1080 : MfeEpePc+0x875f
fffff880`033c3e00 fffff880`00fd104a : 00000000`00000000 fffff800`0321a588 fffffa80`052f8c88 00000000`00000801 : MfeEpePc+0x87db
fffff880`033c3e60 fffff880`00fd29bb : fffffa80`0ad0c8e0 fffffa80`0ad045a0 00000000`00000000 fffffa80`0ae468c0 : MfeEpePc+0x404a
fffff880`033c4090 fffff880`00fd2bef : fffffa80`0ad045a0 00000000`00000000 fffffa80`0ae46770 fffffa80`0ae468c0 : MfeEpePc+0x59bb
fffff880`033c40f0 fffff880`01680820 : fffffa80`0ad04aa8 00000000`00000000 fffffa80`0ad04ae0 fffffa80`0ad04a98 : MfeEpePc+0x5bef
fffff880`033c4150 fffff880`01680a04 : fffffa80`0a76ed80 fffffa80`0ad045a0 fffffa80`03fd3b50 fffff800`033d4f0e : MfeEpeOpal+0xc820
fffff880`033c41e0 fffff880`01680540 : fffffa80`0a76ed80 fffffa80`0ad045a0 00000000`00000000 fffffa80`0a76ed80 : MfeEpeOpal+0xca04
fffff880`033c4470 fffff800`033ad759 : fffffa80`0a76ed80 fffffa80`0ad045a0 00000000`00000000 00000000`00000000 : MfeEpeOpal+0xc540
fffff880`033c44d0 fffff880`00f94a94 : fffffa80`0ad045a0 fffffa80`05379ce0 fffffa80`04025c00 00000000`00000801 : nt!IoForwardIrpSynchronously+0x75
fffff880`033c4530 fffff880`00f9e32a : 00000000`00000000 fffffa80`0ad045a0 fffffa80`0ad045a0 fffffa80`05379b90 : partmgr!PmStartDevice+0x74
fffff880`033c4600 fffff800`0344718e : fffffa80`0ad045a0 fffffa80`0ace8bd0 fffffa80`05379b90 fffff800`0318aed0 : partmgr!PmPnp+0x11a
fffff880`033c4650 fffff800`031817ad : fffffa80`0ad74b60 fffffa80`0ace8bd0 fffff800`0318aed0 00000000`00000000 : nt!PnpAsynchronousCall+0xce
fffff880`033c4690 fffff800`03456506 : fffff800`0328e9a0 fffffa80`0461ad90 fffffa80`0ace8bd0 fffffa80`0461af38 : nt!PnpStartDevice+0x11d
fffff880`033c4750 fffff800`034567a4 : fffffa80`0461ad90 fffffa80`07bc0047 fffffa80`07bcfc50 00000000`00000001 : nt!PnpStartDeviceNode+0x156
fffff880`033c47e0 fffff800`03479eb6 : fffffa80`0461ad90 fffffa80`07bcfc50 00000000`00000002 00000000`00000000 : nt!PipProcessStartPhase1+0x74
fffff880`033c4810 fffff800`0347a448 : fffff800`0328c560 00000000`00000000 00000000`00000001 fffff800`032f5e08 : nt!PipProcessDevNodeTree+0x296
fffff880`033c4a80 fffff800`0318d827 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiProcessReenumeration+0x98
fffff880`033c4ad0 fffff800`03094261 : fffff800`0318d500 fffffa80`03fd3b01 00000000`00000000 fffffa80`03fd3b50 : nt!PnpDeviceActionWorker+0x327
fffff880`033c4b70 fffff800`033272ea : a8699af7`9fd28b49 fffffa80`03fd3b50 00000000`00000080 fffffa80`03f5a9e0 : nt!ExpWorkerThread+0x111
fffff880`033c4c00 fffff800`0307b8e6 : fffff880`031d5180 fffffa80`03fd3b50 fffff880`031dffc0 1ee0f364`4d342d06 : nt!PspSystemThreadStartup+0x5a
fffff880`033c4c40 00000000`00000000 : fffff880`033c5000 fffff880`033bf000 fffff880`033c2ee0 00000000`00000000 : nt!KxStartSystemThread+0x16


SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: partmgr!PmGlobalDispatch+69

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: partmgr

IMAGE_NAME: partmgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4f641bc1

STACK_COMMAND: .cxr 0xfffff880033c2b00 ; kb

FAILURE_BUCKET_ID: X64_0x23_partmgr!PmGlobalDispatch+69

BUCKET_ID: X64_0x23_partmgr!PmGlobalDispatch+69

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:x64_0x23_partmgr!pmglobaldispatch+69

FAILURE_ID_HASH: {b76574a6-c4e5-03da-18c1-586103fe779c}

Followup: MachineOwner
---------
 
Alle Treiber aktuell ?
Neueste BIOS Version installiert ?
Alle Windows Updates installiert ?
Passiert dies bei allen USB Ports ?
 
Alle Treiber aktuell ? Ja, auch noch einmal manuell ürprüft.
Neueste BIOS Version installiert ? Ja, Problem tauchte erst vor wenigen Tagen auf.
Alle Windows Updates installiert ? Ja
Passiert dies bei allen USB Ports ? Ja.

Danke!!!
 
Hast du mehrere USB Sticks getestet ?

Problem tauchte erst vor wenigen Tagen auf.
Versuche einmal die Systemwiederherstellung, setze das System auf einen Punkt zurück wo noch alles funktioniert hat.
Windows erstellt selbständig mindestens einmal im Monat so einen Punkt, bei den Windows Updates.
Keine angst, dabei gehen keine Daten Verloren.
 
Hallo. Kannst du den Ordner C:/Windows/Minidump zippen und hier hochladen? Da müsste man noch etwas im Detail im dump analysieren.
 
Habe gerade nochmal mit meiner Freundin gesprochen. Das Problem gibt es wohl schon seit Monaten. Anbei die dmps... . Danke!
 

Anhänge

  • Minidump.zip
    324,4 KB · Aufrufe: 11
McAffee ist hier offensichtlich am Absturz beteiligt. Wie bereits von Baerliner empfohlen, solltest du McAffee deinstallieren.
Testweise (als vorübergehender Schutz) kannst du die Microsoft Essentials installieren.
 
Vielen Dank - ich bin verwirrt McAffee ist gar nicht installiert, ich habe G-Data Internet Security laufen. Soll ich probeweise auch mal G-Data deinstallieren? Danke für eine Rückmeldung.
 
Hey - vielen Dank für die Antwort. Habe gerade noch einmal manuell das Update Programm von HP durchlaufen lassen. Alle Treiber und Firmware auf dem neuseten Stand. McAffee habe ich allerdings gar nicht auf dem Rechner installiert. Nutze G-Data - auch deinstallieren? Danke!
 
Hallo.

Hier die Liste der zur Laufzeit geladenen Treiber:

Code:
fffff880`04665000 fffff880`04672000   Accelerometer Accelerometer.sys Mon Sep 24 17:31:45 2012 (50607CE1)
fffff880`00fa0000 fffff880`00ff7000   ACPI     ACPI.sys     Sat Nov 20 10:19:16 2010 (4CE79294)
fffff880`0661b000 fffff880`06624000   Afc      Afc.sys      Wed Jul 12 07:48:20 2006 (44B48D24)
fffff880`01a0d000 fffff880`01a96000   afd      afd.sys      Sat Sep 28 03:09:07 2013 (52462C33)
fffff880`053ea000 fffff880`05400000   AgileVpn AgileVpn.sys Tue Jul 14 02:10:24 2009 (4A5BCCF0)
fffff880`0124e000 fffff880`01259000   amdxata  amdxata.sys  Fri Mar 19 17:18:18 2010 (4BA3A3CA)
fffff880`047ce000 fffff880`047d4380   ArcSoftVCapture ArcSoftVCapture.sys Thu Nov 11 06:23:32 2010 (4CDB7DD4)
fffff880`08c26000 fffff880`08c31000   asyncmac asyncmac.sys Tue Jul 14 02:10:13 2009 (4A5BCCE5)
fffff880`01200000 fffff880`01209000   atapi    atapi.sys    Tue Jul 14 01:19:47 2009 (4A5BC113)
fffff880`01209000 fffff880`01233000   ataport  ataport.SYS  Mon Aug 05 03:02:45 2013 (51FEF9B5)
fffff880`06626000 fffff880`069f7000   athrx    athrx.sys    Fri Dec 21 06:24:45 2012 (50D3F29D)
fffff880`04a3b000 fffff880`05370000   atikmdag atikmdag.sys Mon Mar 28 17:38:08 2011 (4D90AB60)
fffff880`03ce2000 fffff880`03d31000   atikmpag atikmpag.sys Mon Mar 28 17:09:10 2011 (4D90A496)
fffff960`00970000 fffff960`009d1000   ATMFD    ATMFD.DLL    unavailable (00000000)
fffff880`00e68000 fffff880`00e74000   BATTC    BATTC.SYS    Tue Jul 14 01:31:01 2009 (4A5BC3B5)
fffff880`02e09000 fffff880`02e10000   Beep     Beep.SYS     Tue Jul 14 02:00:13 2009 (4A5BCA8D)
fffff880`04383000 fffff880`04394000   blbdrive blbdrive.sys Tue Jul 14 01:35:59 2009 (4A5BC4DF)
fffff880`03b6a000 fffff880`03b88000   bowser   bowser.sys   Wed Feb 23 05:55:04 2011 (4D649328)
fffff880`0423b000 fffff880`04248000   btath_bus btath_bus.sys Tue Jul 03 13:06:55 2012 (4FF2D24F)
fffff960`006c0000 fffff960`006e7000   cdd      cdd.dll      unavailable (00000000)
fffff880`02f8c000 fffff880`02fb6000   cdrom    cdrom.sys    Sat Nov 20 10:19:20 2010 (4CE79298)
fffff880`00d18000 fffff880`00dd8000   CI       CI.dll       Sat Nov 20 14:12:36 2010 (4CE7C944)
fffff880`01b2b000 fffff880`01b5b000   CLASSPNP CLASSPNP.SYS Sat Nov 20 10:19:23 2010 (4CE7929B)
fffff880`00cba000 fffff880`00d18000   CLFS     CLFS.SYS     Tue Jul 14 01:19:57 2009 (4A5BC11D)
fffff880`069f7000 fffff880`069fb500   CmBatt   CmBatt.sys   Tue Jul 14 01:31:03 2009 (4A5BC3B7)
fffff880`0105e000 fffff880`010d0000   cng      cng.sys      Wed Aug 01 17:48:07 2012 (50194FB7)
fffff880`00e5f000 fffff880`00e68000   compbatt compbatt.sys Tue Jul 14 01:31:02 2009 (4A5BC3B6)
fffff880`053d4000 fffff880`053e4000   CompositeBus CompositeBus.sys Sat Nov 20 11:33:17 2010 (4CE7A3ED)
fffff880`04453000 fffff880`04461000   crashdmp crashdmp.sys Tue Jul 14 02:01:01 2009 (4A5BCABD)
fffff880`04365000 fffff880`04383000   dfsc     dfsc.sys     Sat Nov 20 10:26:31 2010 (4CE79447)
fffff880`04356000 fffff880`04365000   discache discache.sys Tue Jul 14 01:37:18 2009 (4A5BC52E)
fffff880`01b15000 fffff880`01b2b000   disk     disk.sys     Tue Jul 14 01:19:57 2009 (4A5BC11D)
fffff880`045dd000 fffff880`045ff000   drmk     drmk.sys     Fri Oct 04 04:16:30 2013 (524E24FE)
fffff880`04463000 fffff880`04476000   dump_dumpfve dump_dumpfve.sys Tue Jul 14 01:21:51 2009 (4A5BC18F)
fffff880`02e1e000 fffff880`02f72000   dump_iaStor dump_iaStor.sys Thu Jan 13 02:50:12 2011 (4D2E5A54)
fffff880`04461000 fffff880`04462880   dump_MfeEpeHb dump_MfeEpeHb.sys Fri Feb 01 11:31:02 2013 (510B9966)
fffff880`04476000 fffff880`04482000   Dxapi    Dxapi.sys    Tue Jul 14 01:38:28 2009 (4A5BC574)
fffff880`04673000 fffff880`04768000   dxgkrnl  dxgkrnl.sys  Thu Aug 01 10:06:17 2013 (51FA16F9)
fffff880`04768000 fffff880`047ae000   dxgmms1  dxgmms1.sys  Thu Aug 01 10:05:50 2013 (51FA16DE)
fffff880`05370000 fffff880`053a6000   fastfat  fastfat.SYS  Tue Jul 14 01:23:28 2009 (4A5BC1F0)
fffff880`01282000 fffff880`01296000   fileinfo fileinfo.sys Tue Jul 14 01:34:25 2009 (4A5BC481)
fffff880`01173000 fffff880`011bf000   fltmgr   fltmgr.sys   Sat Nov 20 10:19:24 2010 (4CE7929C)
fffff880`015da000 fffff880`015e4000   Fs_Rec   Fs_Rec.sys   unavailable (00000000)
fffff880`01adb000 fffff880`01b15000   fvevol   fvevol.sys   Thu Jan 24 04:11:24 2013 (5100A65C)
fffff880`017b1000 fffff880`017fa000   fwpkclnt fwpkclnt.sys Thu Jan 03 04:06:48 2013 (50E4F5C8)
fffff880`00e89000 fffff880`00e9d000   GDBehave GDBehave.sys Fri Aug 02 03:43:49 2013 (51FB0ED5)
fffff880`047e8000 fffff880`047ff000   gddcd64  gddcd64.sys  Fri Jun 21 14:22:53 2013 (51C4459D)
fffff880`02fee000 fffff880`03000000   gddcv64  gddcv64.sys  Fri Jun 21 14:22:53 2013 (51C4459D)
fffff880`04344000 fffff880`04356000   gdwfpcd64 gdwfpcd64.sys Wed Aug 14 10:34:53 2013 (520B412D)
fffff880`04325000 fffff880`04344000   GRD      GRD.sys      Mon Sep 09 03:37:42 2013 (522D2666)
fffff800`035fa000 fffff800`03643000   hal      hal.dll      Sat Nov 20 14:00:25 2010 (4CE7C669)
fffff880`05800000 fffff880`05824000   HDAudBus HDAudBus.sys Sat Nov 20 11:43:42 2010 (4CE7A65E)
fffff880`047ae000 fffff880`047bf000   HECIx64  HECIx64.sys  Wed Oct 20 01:33:43 2010 (4CBE2AD7)
fffff880`08dd6000 fffff880`08def000   HIDCLASS HIDCLASS.SYS Wed Jul 03 06:05:05 2013 (51D3A2F1)
fffff880`08def000 fffff880`08df7080   HIDPARSE HIDPARSE.SYS Wed Jul 03 06:05:04 2013 (51D3A2F0)
fffff880`08dc8000 fffff880`08dd6000   hidusb   hidusb.sys   Sat Nov 20 11:43:49 2010 (4CE7A665)
fffff880`02fda000 fffff880`02fee000   HookCentre HookCentre.sys Fri Aug 02 03:46:12 2013 (51FB0F64)
fffff880`015ed000 fffff880`015f7000   hpdskflt hpdskflt.sys Mon Sep 24 17:31:14 2012 (50607CC2)
fffff880`0660d000 fffff880`06619000   HpqKbFiltr HpqKbFiltr.sys Tue Feb 16 19:22:39 2010 (4B7AE26F)
fffff880`03a97000 fffff880`03b60000   HTTP     HTTP.sys     Sat Nov 20 10:24:30 2010 (4CE793CE)
fffff880`015e4000 fffff880`015ed000   hwpolicy hwpolicy.sys Sat Nov 20 10:18:54 2010 (4CE7927E)
fffff880`063e2000 fffff880`06400000   i8042prt i8042prt.sys Tue Jul 14 01:19:57 2009 (4A5BC11D)
fffff880`012a4000 fffff880`013f8000   iaStor   iaStor.sys   Thu Jan 13 02:50:12 2011 (4D2E5A54)
fffff880`0582d000 fffff880`063e1700   igdpmd64 igdpmd64.sys Thu Jan 27 17:57:05 2011 (4D41A3E1)
fffff880`04400000 fffff880`04453000   IntcDAud IntcDAud.sys Fri Oct 15 10:28:17 2010 (4CB810A1)
fffff880`043ba000 fffff880`043d0000   intelppm intelppm.sys Tue Jul 14 01:19:25 2009 (4A5BC0FD)
fffff880`053a6000 fffff880`053d4000   jmcr     jmcr.sys     Tue Jul 31 04:57:46 2012 (501749AA)
fffff880`04656000 fffff880`04665000   kbdclass kbdclass.sys Tue Jul 14 01:19:50 2009 (4A5BC116)
fffff800`00bcf000 fffff800`00bd9000   kdcom    kdcom.dll    Sat Feb 05 17:52:49 2011 (4D4D8061)
fffff880`03c78000 fffff880`03cbb000   ks       ks.sys       Sat Nov 20 11:33:23 2010 (4CE7A3F3)
fffff880`015ae000 fffff880`015c9000   ksecdd   ksecdd.sys   Wed Sep 25 03:03:28 2013 (52423660)
fffff880`01660000 fffff880`0168b000   ksecpkg  ksecpkg.sys  Wed Sep 25 03:20:07 2013 (52423A47)
fffff880`053e4000 fffff880`053e9200   ksthunk  ksthunk.sys  Tue Jul 14 02:00:19 2009 (4A5BCA93)
fffff880`026e7000 fffff880`026fc000   lltdio   lltdio.sys   Tue Jul 14 02:08:50 2009 (4A5BCC92)
fffff880`02800000 fffff880`02823000   luafv    luafv.sys    Tue Jul 14 01:26:13 2009 (4A5BC295)
fffff880`00c57000 fffff880`00ca6000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Nov 20 14:03:51 2010 (4CE7C737)
fffff880`0168b000 fffff880`016a1e80   MfeEpeOpal MfeEpeOpal.sys Fri Feb 01 11:32:25 2013 (510B99B9)
fffff880`010d0000 fffff880`010f4f80   MfeEpePc MfeEpePc.sys Fri Feb 01 11:29:45 2013 (510B9919)
fffff880`02fb6000 fffff880`02fda000   MiniIcpt MiniIcpt.sys Fri Aug 02 03:44:18 2013 (51FB0EF2)
fffff880`026bc000 fffff880`026ca000   monitor  monitor.sys  Tue Jul 14 01:38:52 2009 (4A5BC58C)
fffff880`047bf000 fffff880`047ce000   mouclass mouclass.sys Tue Jul 14 01:19:50 2009 (4A5BC116)
fffff880`08c19000 fffff880`08c26000   mouhid   mouhid.sys   Tue Jul 14 02:00:20 2009 (4A5BCA94)
fffff880`01159000 fffff880`01173000   mountmgr mountmgr.sys Sat Nov 20 10:19:21 2010 (4CE79299)
fffff880`03b88000 fffff880`03ba0000   mpsdrv   mpsdrv.sys   Tue Jul 14 02:08:25 2009 (4A5BCC79)
fffff880`03ba0000 fffff880`03bcd000   mrxsmb   mrxsmb.sys   Wed Apr 27 04:40:38 2011 (4DB78226)
fffff880`03a00000 fffff880`03a4e000   mrxsmb10 mrxsmb10.sys Sat Jul 09 04:46:28 2011 (4E17C104)
fffff880`03a4e000 fffff880`03a72000   mrxsmb20 mrxsmb20.sys Wed Apr 27 04:39:37 2011 (4DB781E9)
fffff880`01233000 fffff880`0123e000   msahci   msahci.sys   Sat Nov 20 11:33:58 2010 (4CE7A416)
fffff880`01bb9000 fffff880`01bc4000   Msfs     Msfs.SYS     unavailable (00000000)
fffff880`00e00000 fffff880`00e0a000   msisadrv msisadrv.sys Tue Jul 14 01:19:26 2009 (4A5BC0FE)
fffff880`01000000 fffff880`0105e000   msrpc    msrpc.sys    unavailable (00000000)
fffff880`0431a000 fffff880`04325000   mssmbios mssmbios.sys Tue Jul 14 01:31:10 2009 (4A5BC3BE)
fffff880`016aa000 fffff880`016bc000   mup      mup.sys      Tue Jul 14 01:23:45 2009 (4A5BC201)
fffff880`016bf000 fffff880`017b1000   ndis     ndis.sys     Wed Aug 22 17:11:46 2012 (5034F6B2)
fffff880`04a2f000 fffff880`04a3b000   ndistapi ndistapi.sys Tue Jul 14 02:10:00 2009 (4A5BCCD8)
fffff880`0274f000 fffff880`02762000   ndisuio  ndisuio.sys  Sat Nov 20 11:50:08 2010 (4CE7A7E0)
fffff880`043d0000 fffff880`043ff000   ndiswan  ndiswan.sys  Sat Nov 20 11:52:32 2010 (4CE7A870)
fffff880`04502000 fffff880`04517000   NDProxy  NDProxy.SYS  Sat Nov 20 11:52:20 2010 (4CE7A864)
fffff880`00dee000 fffff880`00dfd000   netbios  netbios.sys  Tue Jul 14 02:09:26 2009 (4A5BCCB6)
fffff880`01a96000 fffff880`01adb000   netbt    netbt.sys    Sat Nov 20 10:23:18 2010 (4CE79386)
fffff880`01600000 fffff880`01660000   NETIO    NETIO.SYS    Tue Nov 26 11:21:01 2013 (5294760D)
fffff880`01bc4000 fffff880`01bd5000   Npfs     Npfs.SYS     Tue Jul 14 01:19:48 2009 (4A5BC114)
fffff880`0430e000 fffff880`0431a000   nsiproxy nsiproxy.sys Tue Jul 14 01:21:02 2009 (4A5BC15E)
fffff800`03015000 fffff800`035fa000   nt       ntkrnlmp.exe Thu Aug 29 03:13:25 2013 (521EA035)
fffff880`01405000 fffff880`015ae000   Ntfs     Ntfs.sys     Fri Jan 24 02:14:50 2014 (52E1BE8A)
fffff880`02e00000 fffff880`02e09000   Null     Null.SYS     unavailable (00000000)
fffff880`026fc000 fffff880`0274f000   nwifi    nwifi.sys    Tue Jul 14 02:07:23 2009 (4A5BCC3B)
fffff880`00e9d000 fffff880`00ec3000   pacer    pacer.sys    Sat Nov 20 11:52:18 2010 (4CE7A862)
fffff880`00e4a000 fffff880`00e5f000   partmgr  partmgr.sys  Sat Mar 17 06:06:09 2012 (4F641BC1)
fffff880`00e0a000 fffff880`00e3d000   pci      pci.sys      Sat Nov 20 10:19:11 2010 (4CE7928F)
fffff880`0123e000 fffff880`0124e000   PCIIDEX  PCIIDEX.SYS  Tue Jul 14 01:19:48 2009 (4A5BC114)
fffff880`015c9000 fffff880`015da000   pcw      pcw.sys      Tue Jul 14 01:19:27 2009 (4A5BC0FF)
fffff880`08c6b000 fffff880`08d11000   peauth   peauth.sys   Tue Jul 14 03:01:19 2009 (4A5BD8DF)
fffff880`08c4f000 fffff880`08c65000   PktIcpt  PktIcpt.sys  Wed Aug 14 10:30:30 2013 (520B4026)
fffff880`045a0000 fffff880`045dd000   portcls  portcls.sys  Fri Oct 04 03:36:02 2013 (524E1B82)
fffff880`00ca6000 fffff880`00cba000   PSHED    PSHED.dll    Tue Jul 14 03:32:23 2009 (4A5BE027)
fffff880`03cbb000 fffff880`03cdf000   rasl2tp  rasl2tp.sys  Sat Nov 20 11:52:34 2010 (4CE7A872)
fffff880`03de0000 fffff880`03dfb000   raspppoe raspppoe.sys Tue Jul 14 02:10:17 2009 (4A5BCCE9)
fffff880`04200000 fffff880`04221000   raspptp  raspptp.sys  Sat Nov 20 11:52:31 2010 (4CE7A86F)
fffff880`04221000 fffff880`0423b000   rassstp  rassstp.sys  Tue Jul 14 02:10:25 2009 (4A5BCCF1)
fffff880`042bd000 fffff880`0430e000   rdbss    rdbss.sys    Sat Nov 20 10:27:51 2010 (4CE79497)
fffff880`01b9e000 fffff880`01ba7000   RDPCDD   RDPCDD.sys   Tue Jul 14 02:16:34 2009 (4A5BCE62)
fffff880`01ba7000 fffff880`01bb0000   rdpencdd rdpencdd.sys Tue Jul 14 02:16:34 2009 (4A5BCE62)
fffff880`01bb0000 fffff880`01bb9000   rdprefmp rdprefmp.sys Tue Jul 14 02:16:35 2009 (4A5BCE63)
fffff880`011bf000 fffff880`011f9000   rdyboost rdyboost.sys Sat Nov 20 10:43:10 2010 (4CE7982E)
fffff880`02762000 fffff880`0277a000   rspndr   rspndr.sys   Tue Jul 14 02:08:50 2009 (4A5BCC92)
fffff880`03d31000 fffff880`03de0000   Rt64win7 Rt64win7.sys Wed Apr 11 18:29:16 2012 (4F85B15C)
fffff880`04a00000 fffff880`04a2f000   SCSIPORT SCSIPORT.SYS Sat Nov 20 11:34:01 2010 (4CE7A419)
fffff880`08d11000 fffff880`08d1c000   secdrv   secdrv.SYS   Wed Sep 13 15:18:38 2006 (4508052E)
fffff880`02827000 fffff880`029ed200   snp2uvc  snp2uvc.sys  Tue Nov 20 04:01:44 2012 (50AAF298)
fffff880`016a2000 fffff880`016aa000   spldr    spldr.sys    Mon May 11 18:56:27 2009 (4A0858BB)
fffff880`02600000 fffff880`02698000   srv      srv.sys      Fri Apr 29 05:06:06 2011 (4DBA2B1E)
fffff880`08d5f000 fffff880`08dc8000   srv2     srv2.sys     Fri Apr 29 05:05:46 2011 (4DBA2B0A)
fffff880`08d1c000 fffff880`08d4d000   srvnet   srvnet.sys   Fri Apr 29 05:05:35 2011 (4DBA2AFF)
fffff880`04517000 fffff880`045a0000   stwrt64  stwrt64.sys  Fri Sep 21 05:02:08 2012 (505BD8B0)
fffff880`069fc000 fffff880`069fd480   swenum   swenum.sys   Tue Jul 14 02:00:18 2009 (4A5BCA92)
fffff880`03c00000 fffff880`03c78000   SynTP    SynTP.sys    Fri Jan 11 06:21:14 2013 (50EFA14A)
fffff880`01801000 fffff880`01a00000   tcpip    tcpip.sys    Sun Sep 08 03:11:52 2013 (522BCED8)
fffff880`08d4d000 fffff880`08d5f000   tcpipreg tcpipreg.sys Wed Oct 03 18:07:26 2012 (506C62BE)
fffff880`01a00000 fffff880`01a0d000   TDI      TDI.SYS      Sat Nov 20 10:22:06 2010 (4CE7933E)
fffff880`01bd5000 fffff880`01bf7000   tdx      tdx.sys      Sat Nov 20 10:21:54 2010 (4CE79332)
fffff880`042a9000 fffff880`042bd000   termdd   termdd.sys   Sat Nov 20 12:03:40 2010 (4CE7AB0C)
fffff880`04268000 fffff880`042a9000   truecrypt truecrypt.sys Tue Feb 07 10:09:36 2012 (4F30EA50)
fffff880`01259000 fffff880`01282000   TS4nt    TS4nt.sys    Thu Aug 19 16:05:30 2010 (4C6D3A2A)
fffff960`00540000 fffff960`0054a000   TSDDD    TSDDD.dll    unavailable (00000000)
fffff880`04394000 fffff880`043ba000   tunnel   tunnel.sys   Sat Nov 20 11:51:50 2010 (4CE7A846)
fffff880`04496000 fffff880`044a8000   umbus    umbus.sys    Sat Nov 20 11:44:37 2010 (4CE7A695)
fffff880`026ca000 fffff880`026e7000   usbccgp  usbccgp.sys  Wed Nov 27 02:41:15 2013 (52954DBB)
fffff880`06619000 fffff880`0661ae80   USBD     USBD.SYS     Wed Nov 27 02:41:03 2013 (52954DAF)
fffff880`047d6000 fffff880`047e8000   usbehci  usbehci.sys  Wed Nov 27 02:41:11 2013 (52954DB7)
fffff880`044a8000 fffff880`04502000   usbhub   usbhub.sys   Wed Nov 27 02:41:36 2013 (52954DD0)
fffff880`04600000 fffff880`04656000   USBPORT  USBPORT.SYS  Wed Nov 27 02:41:11 2013 (52954DB7)
fffff880`08c31000 fffff880`08c4c000   USBSTOR  USBSTOR.SYS  Fri Mar 11 05:37:16 2011 (4D79A6FC)
fffff880`00e3d000 fffff880`00e4a000   vdrvroot vdrvroot.sys Tue Jul 14 02:01:31 2009 (4A5BCADB)
fffff880`02e10000 fffff880`02e1e000   vga      vga.sys      Tue Jul 14 01:38:47 2009 (4A5BC587)
fffff880`01b69000 fffff880`01b8e000   VIDEOPRT VIDEOPRT.SYS Tue Jul 14 01:38:51 2009 (4A5BC58B)
fffff880`00e74000 fffff880`00e89000   volmgr   volmgr.sys   Sat Nov 20 10:19:28 2010 (4CE792A0)
fffff880`010fd000 fffff880`01159000   volmgrx  volmgrx.sys  Sat Nov 20 10:20:43 2010 (4CE792EB)
fffff880`00c00000 fffff880`00c4c000   volsnap  volsnap.sys  Fri Feb 25 04:38:18 2011 (4D67242A)
fffff880`06600000 fffff880`0660d000   vwifibus vwifibus.sys Tue Jul 14 02:07:21 2009 (4A5BCC39)
fffff880`00dd8000 fffff880`00dee000   vwififlt vwififlt.sys Tue Jul 14 02:07:22 2009 (4A5BCC3A)
fffff880`03b60000 fffff880`03b6a000   vwifimp  vwifimp.sys  Tue Jul 14 02:07:28 2009 (4A5BCC40)
fffff880`0424d000 fffff880`04268000   wanarp   wanarp.sys   Sat Nov 20 11:52:36 2010 (4CE7A874)
fffff880`01b8e000 fffff880`01b9e000   watchdog watchdog.sys Tue Jul 14 01:37:35 2009 (4A5BC53F)
fffff880`00ece000 fffff880`00f90000   Wdf01000 Wdf01000.sys Sat Jun 22 05:13:05 2013 (51C51641)
fffff880`00f90000 fffff880`00fa0000   WDFLDR   WDFLDR.SYS   Thu Jul 26 04:29:04 2012 (5010AB70)
fffff880`01bf7000 fffff880`01c00000   wfplwf   wfplwf.sys   Tue Jul 14 02:09:26 2009 (4A5BCCB6)
fffff960`000a0000 fffff960`003b7000   win32k   win32k.sys   unavailable (00000000)
fffff880`05824000 fffff880`0582d000   wmiacpi  wmiacpi.sys  Tue Jul 14 01:31:02 2009 (4A5BC3B6)
fffff880`00ff7000 fffff880`01000000   WMILIB   WMILIB.SYS   Tue Jul 14 01:19:51 2009 (4A5BC117)
fffff880`08c00000 fffff880`08c19000   WudfPf   WudfPf.sys   Thu Jul 26 04:26:45 2012 (5010AAE5)

Hier sind die beiden zu McAffee gehörenden Treiber. Der zweite ist in den Dumps unmittelbar involviert:

Code:
fffff880`0168b000 fffff880`016a1e80   MfeEpeOpal \SystemRoot\System32\Drivers\MfeEpeOpal.sys Fri Feb 01 11:32:25 2013 (510B99B9)
fffff880`010d0000 fffff880`010f4f80   MfeEpePc \SystemRoot\System32\Drivers\MfeEpePc.sys Fri Feb 01 11:29:45 2013 (510B9919)

Du hast da also irgendeine nicht gänzlich deinstallierte McAffee Komponente. Die musst Du loswerden.
 
\SystemRoot\System32\Drivers\MfeEpePc.sys
\SystemRoot\System32\Drivers\MfeEpeOpal.sys

Abgesicherter Modus , die beiden Dateien löschen & neustarten falls du kein Deinstaller für McAffe findest.
Ist aber auf eigene Gefahr , also nur wenn du dich das traust !!!! ;)
 
Hast du irgendwann eine Sony Kamera via USB an den Rechner angeschlossen?

Sony installiert gerne ungefragt Rootkits auf den Rechnern.
 
Vielen Dank für eure Hilfe! Habe das McAfee Removal Tool durchlaufen lassen - leider ist der Zustand unverändert, Bluscreen nach Einstecken von USB-Sticks. Hier noch die neue Crash-Dump-Datei. Habe festgestellt, dass wenn ich den Stick anschließe, wenn das Notebook noch aus ist - keinerlei Probleme.

Habt ihr noch einen Tipp?

Danke!
 

Anhänge

  • 042714-23322-01.zip
    23,1 KB · Aufrufe: 4
Gehe ins Verzeichnis C:/Windows/System32/Drivers und benenne folgende Dateien um mit dem Zusatz '.old':

Code:
start             end                 module name
fffff880`017c3000 fffff880`017d9e80   MfeEpeOpal   (deferred)             
    Image path: \SystemRoot\System32\Drivers\MfeEpeOpal.sys
    Image name: MfeEpeOpal.sys
    Timestamp:        Fri Feb 01 11:32:25 2013 (510B99B9)
    CheckSum:         0001E853
    ImageSize:        00016E80
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff880`01b42000 fffff880`01b66f80   MfeEpePc T (no symbols)           
    Loaded symbol image file: MfeEpePc.sys
    Image path: \SystemRoot\System32\Drivers\MfeEpePc.sys
    Image name: MfeEpePc.sys
    Timestamp:        Fri Feb 01 11:29:45 2013 (510B9919)
    CheckSum:         00035E10
    ImageSize:        00024F80
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Dann neustarten und probieren.
 
Probiert. Nun startet der Rechner nicht mehr. Automatische Reparatur über InstallationsCD geht auch nicht. Dachte ich kann die Dateien unter MS Dos wieder umbenennen. Die Dateien sind aber nicht mehr da. Hilfe, was soll ich machen?
 
komme ich nicht mehr hin - bluescreen, der sofort wieder weg ist, danach startet der Rechner neu, soll Installationscd einlegen und systemstartreparatur durchführen. die sagt aber 'starthilfe kann diesen computer nicht automatisch reparieren'...

hast du eine ahnung, warum ich im Verzeichnis die *.old Dateien nicht mehr anvezeigt bekomme. Dir/s *.old er findet nix
 
Zurück