GMER Scan:
GMER Logfile:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-21 10:33:08
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 XLR8_PL120AB rev.346A13F0
Running: hki4wsli.exe; Driver: C:\Users\Hendrik\AppData\Local\Temp\pxldapod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A4DA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A874D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93C13000, 0x391095, 0xE8000020]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
--- --- ---
aswMBR Scan:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-21 11:05:57
-----------------------------
11:05:57.402 OS Version: Windows 6.1.7601 Service Pack 1
11:05:57.402 Number of processors: 4 586 0x2A07
11:05:57.402 ComputerName: LOKI UserName:
11:06:00.803 Initialize success
11:13:45.120 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
11:13:45.120 Disk 0 Vendor: SAMSUNG_HD401LJ ZZ100-15 Size: 381553MB BusType: 11
11:13:45.120 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
11:13:45.120 Disk 1 Vendor: XLR8_PL120AB 346A13F0 Size: 114473MB BusType: 11
11:13:45.120 Disk 1 MBR read successfully
11:13:45.136 Disk 1 MBR scan
11:13:45.136 Disk 1 Windows 7 default MBR code
11:13:45.136 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:13:45.136 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
11:13:45.136 Disk 1 scanning sectors +234438656
11:13:45.136 Disk 1 scanning C:\Windows\system32\drivers
11:13:45.916 Service scanning
11:13:46.602 Service MpKslfcd0f4aa c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FE11EB8-2468-4C9E-89A1-D70B796A6DA2}\MpKslfcd0f4aa.sys **LOCKED** 32
11:13:47.835 Modules scanning
11:13:49.847 Disk 1 trace - called modules:
11:13:49.847 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
11:13:49.847 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85a335d0]
11:13:49.863 3 CLASSPNP.SYS[8b19759e] -> nt!IofCallDriver -> [0x858dbc10]
11:13:49.863 5 ACPI.sys[8369c3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8553e908]
11:13:49.863 Scan finished successfully
11:14:19.440 Disk 1 MBR has been saved successfully to "C:\Users\Hendrik\Desktop\MBR.dat"
11:14:19.440 The log file has been saved successfully to "C:\Users\Hendrik\Desktop\aswMBR.txt"