schnuff81 | 30.05.2014 14:20 | The Addition: FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by diane at 2014-05-29 23:11:24
Running from C:\Users\diane\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe CS6 Design and Web Premium (HKLM-x32\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcGIS 10.2 for Desktop (HKLM-x32\...\ArcGIS 10.2 for Desktop) (Version: 10.2.3348 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2 for Desktop (x32 Version: 10.2.3348 - Environmental Systems Research Institute, Inc.) Hidden
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Boot Camp-Dienste (HKLM\...\{FA2B2C2A-EA41-495A-9308-60726125D562}) (Version: 5.1.5640 - Apple Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Python 3.4.1 (HKLM-x32\...\{df32bb9e-3ed8-36b5-a649-e8c845c5f3a2}) (Version: 3.4.1150 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Total Uninstall 6.4.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.4.1 - Gavrila Martau)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows-Treiberpaket - AMD (amdkmafd) System (09/22/2012 9.002.0.0000) (HKLM\...\203795FBE6DF8F5E5F7AFFD457E83797A053787C) (Version: 09/22/2012 9.002.0.0000 - AMD)
Windows-Treiberpaket - Apple Inc. (AppleCamera) Image (11/21/2013 5.0.22.0) (HKLM\...\1FCF3C93707C46D648F0B00E216A55E96DEB5A17) (Version: 11/21/2013 5.0.22.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Keyboard (01/10/2014 5.0.8.0) (HKLM\...\ABCCA6C3F97A148D7C69114CB55DFA9D46053BEA) (Version: 01/10/2014 5.0.8.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/04/2013 5.0.2.0) (HKLM\...\277F15E06E6EEB458048F41BCB8FB843B3241E95) (Version: 09/04/2013 5.0.2.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0) (HKLM\...\742CB1BDA52EA9F1BBE482DA6DAA17944652B476) (Version: 09/11/2012 4.0.3.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple SD Card Reader (07/22/2013 1.0.0.1) (HKLM\...\D323E2C0C5E4948B07EE346CF62161281B0A8578) (Version: 07/22/2013 1.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple System Device (05/20/2013 5.0.2.0) (HKLM\...\1A9F109A8ACEE4CA1F898708DBB0FBA6EF0587FC) (Version: 05/20/2013 5.0.2.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0) (HKLM\...\551732BB0872DA97E26385C221B172A5BD4DE93C) (Version: 10/29/2011 5.0.0.0 - Apple Inc.)
Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows-Treiberpaket - Broadcom (b57nd60a) Net (09/04/2012 15.4.0.17) (HKLM\...\75E64992A03EC5E73D33586790CC506561DCC5DB) (Version: 09/04/2012 15.4.0.17 - Broadcom)
Windows-Treiberpaket - Broadcom (B57ports) Net (06/16/2009 1.0.0.1) (HKLM\...\FC2077892425ED71A137B1CB6D99A9CA7475435D) (Version: 06/16/2009 1.0.0.1 - Broadcom)
Windows-Treiberpaket - Broadcom (BCM43XX) Net (11/13/2012 5.106.199.1) (HKLM\...\3D6DDDCF8961C8C866F6660579A59B5B6CFA281F) (Version: 11/13/2012 5.106.199.1 - Broadcom)
Windows-Treiberpaket - Broadcom (BCM43XX) Net (12/13/2013 6.30.223.215) (HKLM\...\59EE3461B77229A4F846543766A6EFF2F2BAFC6B) (Version: 12/13/2013 6.30.223.215 - Broadcom)
Windows-Treiberpaket - Broadcom Corporation (bScsiSDa) SDHost (08/14/2012 1.0.0.243) (HKLM\...\ADF3AD5C5705E56E7DEA1447D58EFF216BA1223D) (Version: 08/14/2012 1.0.0.243 - Broadcom Corporation)
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (02/19/2013 6.6001.1.40) (HKLM\...\969EFE1D5E95B01D3C42B9D0363FA64AF9E336E7) (Version: 02/19/2013 6.6001.1.40 - Cirrus Logic, Inc.)
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusLFD) MEDIA (10/03/2013 6.6001.3.13) (HKLM\...\9EBC96DD99F2C854D540FBF6A16A557BADDBC228) (Version: 10/03/2013 6.6001.3.13 - Cirrus Logic, Inc.)
Windows-Treiberpaket - Intel (e1express) Net (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows-Treiberpaket - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows-Treiberpaket - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows-Treiberpaket - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows-Treiberpaket - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows-Treiberpaket - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)
YTD Video Downloader 4.8.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.1 - GreenTree Applications SRL)
==================== Restore Points =========================
22-05-2014 07:52:19 Installed Apple Software Update
23-05-2014 18:33:09 avast! antivirus system restore point
23-05-2014 20:02:51 23.05.14
24-05-2014 09:21:57 „Microsoft Office 365 - de-de“ jetzt mit Total Uninstall deinstallieren
24-05-2014 09:34:50 Installed MSXML 4.0 SP3 Parser
24-05-2014 09:35:50 Installed Python 3.4.1
24-05-2014 13:14:49 Removed Adobe Help Manager
==================== Hosts content: ==========================
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2BE29875-BACD-4024-9ED8-355475D5C1A6} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {3214302C-523B-4223-9023-56949EDBB47F} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {35110380-A01F-4BAA-B6BF-942DBA53C501} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1853241126-2369169002-3466866254-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {446810FE-5E4C-492E-AC1F-B8209D85F768} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {52F78127-145E-4612-9D7A-EA5A188E30CD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-23] (AVAST Software)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6AF2A006-83AA-46E8-BFBF-84780954A6CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AA37DC53-25E5-4A7F-9754-0BD489A1CE80} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-05-04] (Microsoft Corporation)
Task: {B30A1CCB-5E05-42E7-B993-C5397C606A57} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C413DFD6-4C71-4ACA-94F8-05F988D66317} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-23] (Adobe Systems Incorporated)
Task: {CADCADDE-9849-43A1-B0F0-983D8745966C} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D04C1E7C-2F28-4B51-BE15-B3A7337BAFBE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-24] (Microsoft Corporation)
Task: {D7CDF7D0-9792-44FC-84D3-ABB41374907E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-02-06 12:36 - 2014-02-06 12:36 - 00226112 _____ () C:\Windows\system32\AppleOSSMgr.exe
2014-05-24 11:31 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-24 11:31 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-05-29 12:24 - 2014-05-29 12:24 - 02259456 _____ () C:\Program Files\AVAST Software\Avast\defs\14052900\algo.dll
2014-05-23 20:33 - 2014-05-23 20:33 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-09-05 19:05 - 2011-09-05 19:05 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2014-05-23 20:22 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-22 09:54 - 2014-01-31 17:54 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/24/2014 11:21:53 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {d12680f5-2975-4b83-bfb4-a3d57dbe1506}
Error: (05/24/2014 11:20:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: officec2rclient.exe, Version: 15.0.4615.1000, Zeitstempel: 0x534ce2f3
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.1, Zeitstempel: 0x4d5f034a
Ausnahmecode: 0x40000015
Fehleroffset: 0x00000000000761c9
ID des fehlerhaften Prozesses: 0xff8
Startzeit der fehlerhaften Anwendung: 0xofficec2rclient.exe0
Pfad der fehlerhaften Anwendung: officec2rclient.exe1
Pfad des fehlerhaften Moduls: officec2rclient.exe2
Berichtskennung: officec2rclient.exe3
Vollständiger Name des fehlerhaften Pakets: officec2rclient.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: officec2rclient.exe5
Error: (05/24/2014 11:13:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: officec2rclient.exe, Version: 15.0.4615.1000, Zeitstempel: 0x534ce2f3
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.1, Zeitstempel: 0x4d5f034a
Ausnahmecode: 0x40000015
Fehleroffset: 0x00000000000761c9
ID des fehlerhaften Prozesses: 0xca4
Startzeit der fehlerhaften Anwendung: 0xofficec2rclient.exe0
Pfad der fehlerhaften Anwendung: officec2rclient.exe1
Pfad des fehlerhaften Moduls: officec2rclient.exe2
Berichtskennung: officec2rclient.exe3
Vollständiger Name des fehlerhaften Pakets: officec2rclient.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: officec2rclient.exe5
Error: (05/24/2014 11:13:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: officec2rclient.exe, Version: 15.0.4615.1000, Zeitstempel: 0x534ce2f3
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.1, Zeitstempel: 0x4d5f034a
Ausnahmecode: 0x40000015
Fehleroffset: 0x00000000000761c9
ID des fehlerhaften Prozesses: 0x628
Startzeit der fehlerhaften Anwendung: 0xofficec2rclient.exe0
Pfad der fehlerhaften Anwendung: officec2rclient.exe1
Pfad des fehlerhaften Moduls: officec2rclient.exe2
Berichtskennung: officec2rclient.exe3
Vollständiger Name des fehlerhaften Pakets: officec2rclient.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: officec2rclient.exe5
Error: (05/24/2014 00:53:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: perfboost.exe, Version: 0.0.0.0, Zeitstempel: 0x528c7c98
Name des fehlerhaften Moduls: AppVIsvStream32.dll, Version: 0.0.0.0, Zeitstempel: 0x52c3f528
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f287
ID des fehlerhaften Prozesses: 0x3520
Startzeit der fehlerhaften Anwendung: 0xperfboost.exe0
Pfad der fehlerhaften Anwendung: perfboost.exe1
Pfad des fehlerhaften Moduls: perfboost.exe2
Berichtskennung: perfboost.exe3
Vollständiger Name des fehlerhaften Pakets: perfboost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: perfboost.exe5
Error: (05/24/2014 00:37:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: perfboost.exe, Version: 0.0.0.0, Zeitstempel: 0x528c7c98
Name des fehlerhaften Moduls: appvisvsubsystems32.dll, Version: 5.151.36.0, Zeitstempel: 0x515df0ba
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e267
ID des fehlerhaften Prozesses: 0x3900
Startzeit der fehlerhaften Anwendung: 0xperfboost.exe0
Pfad der fehlerhaften Anwendung: perfboost.exe1
Pfad des fehlerhaften Moduls: perfboost.exe2
Berichtskennung: perfboost.exe3
Vollständiger Name des fehlerhaften Pakets: perfboost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: perfboost.exe5
Error: (05/24/2014 00:37:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: perfboost.exe, Version: 0.0.0.0, Zeitstempel: 0x528c7c98
Name des fehlerhaften Moduls: AppVIsvStream32.dll, Version: 0.0.0.0, Zeitstempel: 0x52c3f528
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f287
ID des fehlerhaften Prozesses: 0x101c
Startzeit der fehlerhaften Anwendung: 0xperfboost.exe0
Pfad der fehlerhaften Anwendung: perfboost.exe1
Pfad des fehlerhaften Moduls: perfboost.exe2
Berichtskennung: perfboost.exe3
Vollständiger Name des fehlerhaften Pakets: perfboost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: perfboost.exe5
Error: (05/24/2014 00:37:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: perfboost.exe, Version: 0.0.0.0, Zeitstempel: 0x528c7c98
Name des fehlerhaften Moduls: AppVIsvStream32.dll, Version: 0.0.0.0, Zeitstempel: 0x52c3f528
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f287
ID des fehlerhaften Prozesses: 0xd00
Startzeit der fehlerhaften Anwendung: 0xperfboost.exe0
Pfad der fehlerhaften Anwendung: perfboost.exe1
Pfad des fehlerhaften Moduls: perfboost.exe2
Berichtskennung: perfboost.exe3
Vollständiger Name des fehlerhaften Pakets: perfboost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: perfboost.exe5
Error: (05/24/2014 00:37:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: perfboost.exe, Version: 0.0.0.0, Zeitstempel: 0x528c7c98
Name des fehlerhaften Moduls: AppVIsvStream32.dll, Version: 0.0.0.0, Zeitstempel: 0x52c3f528
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f287
ID des fehlerhaften Prozesses: 0xa58
Startzeit der fehlerhaften Anwendung: 0xperfboost.exe0
Pfad der fehlerhaften Anwendung: perfboost.exe1
Pfad des fehlerhaften Moduls: perfboost.exe2
Berichtskennung: perfboost.exe3
Vollständiger Name des fehlerhaften Pakets: perfboost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: perfboost.exe5
Error: (05/24/2014 00:37:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: perfboost.exe, Version: 0.0.0.0, Zeitstempel: 0x528c7c98
Name des fehlerhaften Moduls: AppVIsvStream32.dll, Version: 0.0.0.0, Zeitstempel: 0x52c3f528
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f287
ID des fehlerhaften Prozesses: 0x9bc
Startzeit der fehlerhaften Anwendung: 0xperfboost.exe0
Pfad der fehlerhaften Anwendung: perfboost.exe1
Pfad des fehlerhaften Moduls: perfboost.exe2
Berichtskennung: perfboost.exe3
Vollständiger Name des fehlerhaften Pakets: perfboost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: perfboost.exe5
System errors:
=============
Error: (05/29/2014 11:10:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (05/29/2014 11:05:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (05/29/2014 11:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (05/29/2014 11:05:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (05/29/2014 11:05:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (05/29/2014 10:57:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (05/29/2014 10:53:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (05/29/2014 10:53:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (05/29/2014 10:53:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (05/29/2014 10:52:36 PM) (Source: DCOM) (EventID: 10010) (User: diane0107)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Microsoft Office Sessions:
=========================
Error: (05/24/2014 11:21:53 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {d12680f5-2975-4b83-bfb4-a3d57dbe1506}
Error: (05/24/2014 11:20:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: officec2rclient.exe15.0.4615.1000534ce2f3MSVCR100.dll10.0.40219.14d5f034a4000001500000000000761c9ff801cf77312cde7cefC:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exeC:\Program Files\Microsoft Office 15\ClientX64\MSVCR100.dll9ce464e1-e324-11e3-825b-600308986a83
Error: (05/24/2014 11:13:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: officec2rclient.exe15.0.4615.1000534ce2f3MSVCR100.dll10.0.40219.14d5f034a4000001500000000000761c9ca401cf773071c1467dC:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exeC:\Program Files\Microsoft Office 15\ClientX64\MSVCR100.dllaf9b1f80-e323-11e3-825a-600308986a83
Error: (05/24/2014 11:13:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: officec2rclient.exe15.0.4615.1000534ce2f3MSVCR100.dll10.0.40219.14d5f034a4000001500000000000761c962801cf7730530ea0c4C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exeC:\Program Files\Microsoft Office 15\ClientX64\MSVCR100.dll9c7ea12f-e323-11e3-825a-600308986a83
Error: (05/24/2014 00:53:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: perfboost.exe0.0.0.0528c7c98AppVIsvStream32.dll0.0.0.052c3f528c00000050001f287352001cf76d9d7246e38C:\Program Files\Microsoft Office 15\root\office15\perfboost.exeC:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll1619f2f7-e2cd-11e3-8258-600308986a83
Error: (05/24/2014 00:37:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: perfboost.exe0.0.0.0528c7c98appvisvsubsystems32.dll5.151.36.0515df0bac00000050003e267390001cf76d7868c60c3C:\Program Files\Microsoft Office 15\root\office15\perfboost.exeC:\Program Files\Microsoft Office 15\root\office15\appvisvsubsystems32.dllc475022e-e2ca-11e3-8258-600308986a83
Error: (05/24/2014 00:37:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: perfboost.exe0.0.0.0528c7c98AppVIsvStream32.dll0.0.0.052c3f528c00000050001f287101c01cf76d7782979f3C:\Program Files\Microsoft Office 15\root\office15\perfboost.exeC:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dllc41bcfc3-e2ca-11e3-8258-600308986a83
Error: (05/24/2014 00:37:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: perfboost.exe0.0.0.0528c7c98AppVIsvStream32.dll0.0.0.052c3f528c00000050001f287d0001cf76d7811f3fe8C:\Program Files\Microsoft Office 15\root\office15\perfboost.exeC:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dllc41b0c4b-e2ca-11e3-8258-600308986a83
Error: (05/24/2014 00:37:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: perfboost.exe0.0.0.0528c7c98AppVIsvStream32.dll0.0.0.052c3f528c00000050001f287a5801cf76d77bbd1382C:\Program Files\Microsoft Office 15\root\office15\perfboost.exeC:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dllc418a74c-e2ca-11e3-8258-600308986a83
Error: (05/24/2014 00:37:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: perfboost.exe0.0.0.0528c7c98AppVIsvStream32.dll0.0.0.052c3f528c00000050001f2879bc01cf76d77d86e061C:\Program Files\Microsoft Office 15\root\office15\perfboost.exeC:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dllc418803c-e2ca-11e3-8258-600308986a83
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 16292.25 MB
Available physical RAM: 14412.43 MB
Total Pagefile: 19236.25 MB
Available Pagefile: 17275.32 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Windows 8) (Fixed) (Total:174.55 GB) (Free:119.41 GB) NTFS
Drive d: (TRANSCEND) (Fixed) (Total:931.28 GB) (Free:370.61 GB) FAT32
Drive e: (Macintosh HD) (Fixed) (Total:290.57 GB) (Free:50.87 GB) HFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 2C17263A)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)
==================== End Of Log ============================
And from MBAR: Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.2.9200 Windows 8 x64
Account is Non-administrative
Internet Explorer version: 11.0.9600.17107
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.800000 GHz
Memory total: 17083666432, free: 13976322048
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 977105059
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2698904391
GPT Header CurrentLba = 1 BackupLba 977105059
GPT Header FirstUsableLba 34 LastUsableLba 977105026
GPT Header Guid 4e672841-a371-4e9f-bffd-2c65b1b0e178
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2698904391
Backup GPT header CurrentLba = 977105059 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 977105026
Backup GPT header Guid 4e672841-a371-4e9f-bffd-2c65b1b0e178
Backup GPT header Contains 128 partition entries starting at LBA 977105027
Backup GPT header Partition entry size = 128
Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID f4b5fa86-9542-409e-882e-711a3651436
FirstLBA 40 Last LBA 409639
Attributes 0
Partition Name EFI System Partition
GPT Partition 0 is bootable
Partition 1 Type 48465300-0-11aa-aa11-0306543ecac
Partition ID ccd80eb-7d20-42fe-b972-20e9c8c9c310
FirstLBA 409640 Last LBA 609784615
Attributes 0
Partition Name Customer
Partition 2 Type 426f6f74-0-11aa-aa11-0306543ecac
Partition ID fe6e3716-f436-4d8b-bc1d-d5486d85914a
FirstLBA 609784616 Last LBA 611054151
Attributes 0
Partition Name Recovery HD
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 5accfd4f-cb28-4fa2-ab46-7b2a76f7909f
FirstLBA 611055616 Last LBA 977104895
Attributes 0
Partition Name BOOTCAMP
Disk Size: 500277790720 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.2.9200 Windows 8 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17107
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.800000 GHz
Memory total: 17083666432, free: 15237283840
Downloaded database version: v2014.05.29.12
Downloaded database version: v2014.05.21.01
Initializing...
======================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 977105059
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2698904391
GPT Header CurrentLba = 1 BackupLba 977105059
GPT Header FirstUsableLba 34 LastUsableLba 977105026
GPT Header Guid 4e672841-a371-4e9f-bffd-2c65b1b0e178
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2698904391
Backup GPT header CurrentLba = 977105059 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 977105026
Backup GPT header Guid 4e672841-a371-4e9f-bffd-2c65b1b0e178
Backup GPT header Contains 128 partition entries starting at LBA 977105027
Backup GPT header Partition entry size = 128
Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID f4b5fa86-9542-409e-882e-711a3651436
FirstLBA 40 Last LBA 409639
Attributes 0
Partition Name EFI System Partition
GPT Partition 0 is bootable
Partition 1 Type 48465300-0-11aa-aa11-0306543ecac
Partition ID ccd80eb-7d20-42fe-b972-20e9c8c9c310
FirstLBA 409640 Last LBA 609784615
Attributes 0
Partition Name Customer
Partition 2 Type 426f6f74-0-11aa-aa11-0306543ecac
Partition ID fe6e3716-f436-4d8b-bc1d-d5486d85914a
FirstLBA 609784616 Last LBA 611054151
Attributes 0
Partition Name Recovery HD
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 5accfd4f-cb28-4fa2-ab46-7b2a76f7909f
FirstLBA 611055616 Last LBA 977104895
Attributes 0
Partition Name BOOTCAMP
Disk Size: 500277790720 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.2.9200 Windows 8 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17107
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.800000 GHz
Memory total: 17083666432, free: 15008927744
Downloaded database version: v2014.05.29.13
Downloaded database version: v2014.05.21.01
Initializing...
======================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 977105059
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2698904391
GPT Header CurrentLba = 1 BackupLba 977105059
GPT Header FirstUsableLba 34 LastUsableLba 977105026
GPT Header Guid 4e672841-a371-4e9f-bffd-2c65b1b0e178
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2698904391
Backup GPT header CurrentLba = 977105059 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 977105026
Backup GPT header Guid 4e672841-a371-4e9f-bffd-2c65b1b0e178
Backup GPT header Contains 128 partition entries starting at LBA 977105027
Backup GPT header Partition entry size = 128
Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID f4b5fa86-9542-409e-882e-711a3651436
FirstLBA 40 Last LBA 409639
Attributes 0
Partition Name EFI System Partition
GPT Partition 0 is bootable
Partition 1 Type 48465300-0-11aa-aa11-0306543ecac
Partition ID ccd80eb-7d20-42fe-b972-20e9c8c9c310
FirstLBA 409640 Last LBA 609784615
Attributes 0
Partition Name Customer
Partition 2 Type 426f6f74-0-11aa-aa11-0306543ecac
Partition ID fe6e3716-f436-4d8b-bc1d-d5486d85914a
FirstLBA 609784616 Last LBA 611054151
Attributes 0
Partition Name Recovery HD
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 5accfd4f-cb28-4fa2-ab46-7b2a76f7909f
FirstLBA 611055616 Last LBA 977104895
Attributes 0
Partition Name BOOTCAMP
Disk Size: 500277790720 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
Now I have already received a message from my own mail provider (when I sent an email to myself) saying that my computer is infected :(