Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-30 17:35:35
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Kathrin\AppData\Local\Temp\ugdiafow.sys
---- System - GMER 2.0 ----
SSDT 8C3F565E ZwCreateSection
SSDT 8C3F5636 ZwCreateSymbolicLinkObject
SSDT 8C3F563B ZwLoadDriver
SSDT 8C3F5631 ZwOpenSection
SSDT 8C3F5668 ZwRequestWaitReplyPort
SSDT 8C3F5663 ZwSetContextThread
SSDT 8C3F566D ZwSetSecurityObject
SSDT 8C3F5640 ZwSetSystemInformation
SSDT 8C3F5672 ZwSystemDebugControl
SSDT 8C3F55FF ZwTerminateProcess
SSDT 8C3F55FA ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!KeSetEvent + 215 81CC38D8 4 Bytes [5E, 56, 3F, 8C]
.text ntkrnlpa.exe!KeSetEvent + 21D 81CC38E0 4 Bytes [36, 56, 3F, 8C]
.text ntkrnlpa.exe!KeSetEvent + 37D 81CC3A40 4 Bytes [3B, 56, 3F, 8C]
.text ntkrnlpa.exe!KeSetEvent + 3FD 81CC3AC0 4 Bytes [31, 56, 3F, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 81CC3BFC 4 Bytes [68, 56, 3F, 8C]
.text ...
---- EOF - GMER 2.0 ----
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-30 17:39:34
-----------------------------
17:39:34.514 OS Version: Windows 6.0.6002 Service Pack 2
17:39:34.514 Number of processors: 2 586 0xF0D
17:39:34.530 ComputerName: KATHRIN-PC UserName: Kathrin
17:39:37.384 Initialize success
17:40:46.138 AVAST engine defs: 13013000
17:40:58.400 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
17:40:58.400 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
17:40:58.759 Disk 0 MBR read successfully
17:40:58.759 Disk 0 MBR scan
17:40:58.774 Disk 0 Windows VISTA default MBR code
17:40:58.915 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 275246 MB offset 63
17:40:58.915 Disk 0 Partition - 00 0F Extended LBA 29996 MB offset 563704785
17:40:59.164 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 29996 MB offset 563704848
17:40:59.492 Disk 0 scanning sectors +625137345
17:41:00.350 Disk 0 scanning C:\Windows\system32\drivers
17:43:00.657 Service scanning
17:43:23.776 Modules scanning
17:45:44.910 Disk 0 trace - called modules:
17:45:45.565 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
17:45:45.580 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cd5ac8]
17:45:45.580 3 CLASSPNP.SYS[8a3b78b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8511d8a0]
17:45:47.780 AVAST engine scan C:\Windows
17:50:49.531 AVAST engine scan C:\Windows\system32
17:57:13.743 AVAST engine scan C:\Windows\system32\drivers
17:57:34.522 AVAST engine scan C:\Users\Kathrin
18:24:15.582 AVAST engine scan C:\ProgramData
18:28:46.522 Scan finished successfully
18:31:38.372 Disk 0 MBR has been saved successfully to "C:\Users\Kathrin\Desktop\MBR.dat"
18:31:38.372 The log file has been saved successfully to "C:\Users\Kathrin\Desktop\aswMBR2.txt"
Thank you...