Hello,
I know that some expertise is required to understand the results of the aswMBR rootkit scan, which I do not have.
The scan results gave 2 yellow and 2 red files:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-24 15:11:04
15:11:04.963 OS Version: Windows 6.0.6002 Service Pack 2
15:11:04.963 Number of processors: 2 586 0xF0B
15:11:04.965 ComputerName: PC_VAN_BEKKER UserName: Bekker
15:11:42.212 Initialize success
15:13:36.860 AVAST engine defs: 13122301
15:17:04.424 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
15:17:04.427 Disk 0 Vendor: SAMSUNG_HD321KJ CP100-12 Size: 305245MB BusType: 3
15:17:04.685 Disk 0 MBR read successfully
15:17:04.688 Disk 0 MBR scan
15:17:05.457 Disk 0 Windows VISTA default MBR code
15:17:05.880 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
15:17:05.980 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
15:17:06.135 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294949 MB offset 21084160
15:17:06.221 Disk 0 scanning sectors +625139712
15:17:07.087 Disk 0 scanning C:\Windows\system32\drivers
15:19:41.798 Service scanning
15:20:32.087 Service MpKsld2c805c3 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates{CE8B8991-2365-4C6F-AD87-CCAB54A92655}\MpKsld2c805c3.sys LOCKED 32
15:20:59.971 Service sptd C:\Windows\System32\Drivers\sptd.sys LOCKED 32
15:21:37.696 Modules scanning
15:22:15.296 Disk 0 trace - called modules:
15:22:15.326 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85d321e8]<<
15:22:15.327 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x86ff6ac8]
15:22:15.327 3 CLASSPNP.SYS[8bfaa8b3] → nt!IofCallDriver → [0x866bb620]
15:22:15.327 5 acpi.sys[83db76bc] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0x867008a0]
15:22:15.328 \Driver\atapi[0x866f1560] → IRP_MJ_CREATE → 0x85d321e8
15:22:18.721 AVAST engine scan C:\Windows
15:22:33.039 AVAST engine scan C:\Windows\system32
15:31:20.563 AVAST engine scan C:\Windows\system32\drivers
15:32:48.925 AVAST engine scan C:\Users\Bekker
16:36:39.228 AVAST engine scan C:\ProgramData
16:50:37.751 Scan finished successfully
Is it possible to find out whether these results are “false positives” or real threats?
And is it risky just to click the FixMBR button?
Thanks,