Trojaner Whitescreen - Lösung gesucht!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2013
Ran by SYSTEM on MININT-J19H07M on 26-10-2013 11:04:11
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [lxebmon.exe] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [770728 2010-05-05] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [148280 2010-05-05] ()
HKLM\...\RunOnce: [NoIE4StubProcessing] - C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f [74752 2009-07-13] (Microsoft Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [VideoWebCamera] - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1545568 2010-05-26] (Suyin)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Lexmark Pro200-S500 Series] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\fm3032.exe [316072 2010-05-05] ()
HKU\Annabelle\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Annabelle\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-12] (Google Inc.)
HKU\Annabelle\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\Annabelle\...\Run: [Facebook Update] - C:\Users\Annabelle\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\Annabelle\...\Run: [Lyoqofeb] - C:\Users\Annabelle\AppData\Roaming\Ozace\ifqas.exe [351744 2011-12-19] (DigTechnology SoftGroup)
HKU\Annabelle\...\Run: [IExplorer Util] - C:\Users\Annabelle\AppData\Roaming\ie_util.exe [88576 2013-08-27] (DigTechnology SoftGroup)
HKU\Annabelle\...\RunOnce: [osk.exe] - C:\Windows\System32\osk.exe [692736 2009-07-13] (Microsoft Corporation)
HKU\Annabelle\...\Winlogon: [Shell] explorer.exe,C:\Users\Annabelle\AppData\Roaming\data.dat [67072 2013-08-01] () <==== ATTENTION 
HKU\Chef\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
Startup: C:\Users\Annabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-03] (WildTangent, Inc.)
S2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
S2 lxeb_device; C:\Windows\SysWow64\lxebcoms.exe [598696 2010-04-14] ( )
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
S2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-26 11:04 - 2013-10-26 11:04 - 00000000 ____D C:\FRST
2013-10-23 09:37 - 2013-10-23 09:37 - 00003344 ____N C:\bootsqm.dat

==================== One Month Modified Files and Folders =======

2013-10-26 11:04 - 2013-10-26 11:04 - 00000000 ____D C:\FRST
2013-10-23 09:52 - 2013-09-22 05:45 - 00000004 _____ C:\Users\Annabelle\AppData\Roaming\settings.ini
2013-10-23 09:52 - 2012-03-02 02:54 - 01630145 _____ C:\Windows\WindowsUpdate.log
2013-10-23 09:52 - 2011-12-13 16:23 - 00000000 ____D C:\Users\Annabelle\Tracing
2013-10-23 09:52 - 2011-12-12 02:28 - 00050940 _____ C:\ProgramData\lxebscan.log
2013-10-23 09:52 - 2011-11-12 11:00 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-23 09:45 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 09:45 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 09:43 - 2011-11-12 11:00 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-23 09:38 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 09:38 - 2009-07-13 20:51 - 00110297 _____ C:\Windows\setupact.log
2013-10-23 09:37 - 2013-10-23 09:37 - 00003344 ____N C:\bootsqm.dat

Files to move or delete:
====================
C:\Users\Annabelle\AppData\Roaming\data.dat
C:\Users\Annabelle\AppData\Roaming\settings.ini
C:\ProgramData\6918016.pad
C:\Users\Annabelle\AppData\Roaming\i.ini


Some content of TEMP:
====================
C:\Users\Annabelle\AppData\Local\Temp\b34btbztdb0vavaw.exe
C:\Users\Annabelle\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chef\AppData\Local\Temp\GoogleToolbarInstaller_stub_signed.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

7
Restore point made on: 2013-08-15 11:08:07
Restore point made on: 2013-08-20 05:30:32
Restore point made on: 2013-08-25 01:54:03
Restore point made on: 2013-09-12 11:53:38
Restore point made on: 2013-09-12 14:43:45
Restore point made on: 2013-09-13 00:17:23
Restore point made on: 2013-09-21 11:21:28

==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 4090.9 MB
Available physical RAM: 3380.97 MB
Total Pagefile: 4089.05 MB
Available Pagefile: 3367.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:452.66 GB) (Free:394.94 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.95 GB) NTFS
Drive f: (<21>) (CDROM) (Total:7.79 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:15.12 GB) (Free:15.12 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FAA48CB0)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-08-22 07:58

==================== End Of Log ============================