Weißer Bildschirm Win7, FRST.txt erstellt, weiteres Vorgehen

raya66 · 18.07.2013, 13:34

Hallo,
habe mir gestern auf meinem Asus Laptop mit Windows 7 den Virus eingefangen (weißer Bildschirm, Neustart bringt nichts, im abgesicherten Modus wird sofort ein Neustart durchgeführt, irgendwann kam dann auch eine Aufforderung zu Zahlen mit nem hübschen Cam-Foto).

Habe mir vom Farber Recovery Scan Tool nach Anleitung aus anderen Themen hier den FRST.txt erstellen lassen. Zu entscheiden was jetzt alles genau in den Fixlog.txt soll traue ich mir nicht zu.

FRST.txt :

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by SYSTEM on 19-07-2013 01:24:18
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [659848 2010-07-18] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [16336488 2009-08-28] (NVIDIA Corporation)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1569536 2013-07-18] (Bitdefender)
HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] - "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2429 2010-09-15] ()
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [facemoods] - "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I [362200 2011-09-05] (facemoods.com)
HKLM-x32\...\Run: [VirtualCloneDrive] - "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKU\Anny\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Anny\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Anny\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Anny\AppData\Local\Temp\hixmrhgnywrbsajuoxy.bfg [61440 2013-07-18] (NVIDIA Corporation) <===== ATTENTION
HKU\Anny\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin [x]
HKU\Anny\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Anny\...\Command Processor: "C:\Users\Anny\AppData\Local\Temp\hixmrhgnywrbsajuoxy.bfg" <===== ATTENTION!
Startup: C:\Users\Anny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Anny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-03-18] (Adobe Systems)
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-04-28] (Bitdefender)
S2 compactd; C:\Windows\system32\webio64.exe [106496 2011-07-18] ()
S2 GFilterSvc; C:\Windows\System32\GFilterSvc.exe [114688 2011-07-18] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [68856 2013-04-28] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1646792 2013-07-18] (Bitdefender)

==================== Drivers (Whitelisted) ====================

S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-07-18] (BitDefender)
S3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-07-18] (BitDefender)
S1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-07-18] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82384 2013-01-31] (BitDefender SRL)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [147232 2013-04-28] (BitDefender LLC)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-01-03] (Duplex Secure Ltd.)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-07-18] (BitDefender S.R.L.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
S3 tmlwf; 
S3 tmwfp; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-19 01:24 - 2013-07-19 01:24 - 00000000 ____D C:\FRST
2013-07-18 09:55 - 2013-07-18 09:55 - 01084712 _____ C:\Users\Anny\AppData\Roaming\2433f433
2013-07-18 09:55 - 2013-07-18 09:55 - 01084708 _____ C:\Users\Anny\AppData\Local\2433f433
2013-07-18 09:55 - 2013-07-18 09:55 - 01084698 _____ C:\ProgramData\2433f433


==================== One Month Modified Files and Folders =======

2013-07-19 01:24 - 2013-07-19 01:24 - 00000000 ____D C:\FRST
2013-07-18 15:04 - 2009-07-13 20:51 - 00083875 _____ C:\Windows\setupact.log
2013-07-18 13:44 - 2013-01-06 06:01 - 00001426 _____ C:\Users\Anny\Desktop\Registry kostenlos entrümpeln!.lnk
2013-07-18 13:44 - 2010-09-15 00:32 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-18 13:44 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-18 13:43 - 2010-09-15 00:10 - 01350262 _____ C:\Windows\WindowsUpdate.log
2013-07-18 13:36 - 2009-07-13 20:45 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-18 13:36 - 2009-07-13 20:45 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-18 13:31 - 2013-02-16 02:34 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-07-18 13:29 - 2012-12-07 16:02 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-07-18 13:03 - 2012-11-08 03:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-18 12:58 - 2010-09-15 00:32 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-18 10:48 - 2012-07-21 08:46 - 00000000 ____D C:\Windows\rescache
2013-07-18 10:00 - 2010-09-15 00:54 - 00002326 _____ C:\Windows\System32\AutoRunFilter.ini
2013-07-18 09:57 - 2010-09-15 00:39 - 00177550 _____ C:\Windows\PFRO.log
2013-07-18 09:55 - 2013-07-18 09:55 - 01084712 _____ C:\Users\Anny\AppData\Roaming\2433f433
2013-07-18 09:55 - 2013-07-18 09:55 - 01084708 _____ C:\Users\Anny\AppData\Local\2433f433
2013-07-18 09:55 - 2013-07-18 09:55 - 01084698 _____ C:\ProgramData\2433f433
2013-07-18 09:50 - 2011-03-15 13:35 - 00000000 ____D C:\Users\Anny\AppData\Roaming\Skype
2013-07-18 07:55 - 2013-01-31 14:30 - 00718840 _____ (BitDefender) C:\Windows\System32\Drivers\avc3.sys
2013-07-18 07:55 - 2013-01-31 14:30 - 00593144 _____ (BitDefender) C:\Windows\System32\Drivers\avckf.sys
2013-07-18 07:55 - 2013-01-29 04:57 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2013-07-18 07:53 - 2010-09-15 00:32 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-18 07:53 - 2010-09-15 00:32 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-18 07:05 - 2012-11-08 03:22 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-18 07:04 - 2012-11-08 03:22 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-18 07:04 - 2012-11-08 03:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-18 06:58 - 2011-04-02 07:26 - 00000000 ___RD C:\Users\Anny\Dropbox
2013-07-18 06:58 - 2011-04-02 07:22 - 00000000 ____D C:\Users\Anny\AppData\Roaming\Dropbox
2013-07-18 06:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-18 06:52 - 2012-12-07 16:01 - 00000274 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-07-18 06:50 - 2011-03-15 14:44 - 00000446 ____H C:\Windows\Tasks\Norton Security Scan for Anny.job
2013-07-05 11:00 - 2009-08-04 01:51 - 00654844 _____ C:\Windows\System32\perfh007.dat
2013-07-05 11:00 - 2009-08-04 01:51 - 00130426 _____ C:\Windows\System32\perfc007.dat
2013-07-05 11:00 - 2009-07-13 21:13 - 01500254 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-05 10:56 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
C:\Users\Anny\Launcher.exe
C:\Users\Anny\limbo.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 4061.02 MB
Available physical RAM: 3415.25 MB
Total Pagefile: 4059.17 MB
Available Pagefile: 3437.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:4.45 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:204.03 GB) (Free:112.62 GB) NTFS (Disk=0 Partition=3)
Drive e: () (Removable) (Total:1.88 GB) (Free:1.84 GB) NTFS (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=20 GB) - (Type=1C)
Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=204 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)


LastRegBack: 2013-07-18 06:52

==================== End Of Log ============================

Vielen Dank schon einmal im Voraus

mfg Raya

Weißer Bildschirm Win7, FRST.txt erstellt, weiteres Vorgehen

Log-Analyse und Auswertung: Weißer Bildschirm Win7, FRST.txt erstellt, weiteres Vorgehen

Weißer Bildschirm Win7, FRST.txt erstellt, weiteres Vorgehen

Ähnliche Themen: Weißer Bildschirm Win7, FRST.txt erstellt, weiteres Vorgehen