Trojaner-Board - Startbildschirm Weiß, Abgesicherter Modus fährt automatisch herunter

Hallo! Ich habe folgendes Problem im Schlepptau. Ich habe den Laptop von einem Arbeitskollegen bekommen, damit ich mich um sein Problem kümmern kann. Leider übersteigt das hier meine Kenntnisse bei Weitem.

Habe mich ein wenig schlau gemacht und FRST64 heruntergeladen und wie beschrieben durchlaufen lassen.

LOG:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013 02

Ran by SYSTEM on 12-08-2013 19:29:43

Running from F:\

Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Recovery
 

The current controlset is ControlSet001
 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
 

ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11438696 2011-10-25] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1571432 2011-10-19] (Realtek Semiconductor)

HKLM\...\Run: [SonicMasterTray] - C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2307368 2011-11-09] (Synaptics Incorporated)

HKLM\...\Run: [ATKOSD2] - C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)

HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM\...\Run: [Wireless Console 3] - C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-13] (ASUS)

HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\AsScrPro.exe [3058304 2013-01-22] (ASUS)

HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Winlogon: [Userinit]  [x]

HKLM-x32\...\Winlogon: [Shell]  [x ] () <=== ATTENTION

HKU\Mioara\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-24] (Yahoo! Inc.)

HKU\Mioara\...\Winlogon: [Shell] explorer.exe,C:\Users\Mioara\AppData\Roaming\cache.dat [84480 2009-07-13] () <==== ATTENTION 

AppInit_DLLs:   [0 ] ()
 

==================== Services (Whitelisted) =================
 

S2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640 2013-05-11] (Adobe Systems Incorporated)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257696 2013-01-22] (Adobe Systems Incorporated)

S2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)

S2 ASUS InstantOn; C:\Program Files\Common Files\InstantOn\InsOnSrv.exe [92800 2011-09-29] (ASUS)

S2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)

S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)

S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2013-01-22] (Google Inc.)

S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2013-01-22] (Google Inc.)

S3 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [878416 2009-06-10] (Microsoft Corporation)

S2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-27] (Pandora.TV)

S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [161384 2013-02-28] (Skype Technologies)
 

==================== Drivers (Whitelisted) ====================
 

S2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)

S0 assd; C:\Windows\System32\Drivers\assd.sys [23680 2010-04-28] (ASUS Corporation)

S3 athr; C:\Windows\System32\DRIVERS\athr.sys [2189312 2011-05-23] (Atheros Communications, Inc.)

S1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [14464 2011-09-07] (ASUS)

S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation)

S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation)

S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2009-07-13] (Intel Corporation)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation)

S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [3524072 2011-10-25] (Realtek Semiconductor Corp.)

S3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [414824 2011-08-23] (Realtek                                            )

S3 ASUSProcObsrv; \??\E:\U32U_WIN7_64_V3.00\I386\AsProcOb.sys [x]

S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [x]

S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [x]

S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [x]

S3 massfilter; system32\drivers\massfilter.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-07-29 11:33 - 2013-08-12 08:55 - 00000004 _____ C:\Users\Mioara\AppData\Roaming\cache.ini

2013-07-29 11:29 - 2013-07-29 11:29 - 00000997 _____ C:\Users\Mioara\Desktop\KMPlayer.lnk

2013-07-29 11:28 - 2013-07-29 11:30 - 00000000 ____D C:\Program Files\The KMPlayer

2013-07-29 11:10 - 2013-07-29 11:21 - 00004856 _____ C:\Windows\System32\TmInstall.log

2013-07-29 10:50 - 2013-07-29 10:50 - 00000000 ____D C:\Program Files\PANDORA.TV

2013-07-29 10:44 - 2013-07-29 10:49 - 26039992 _____ C:\Users\Mioara\Downloads\KMPlayer_3.5.0.77.exe

2013-07-28 10:11 - 2013-07-28 10:13 - 00000000 ____D C:\Users\Mioara\Desktop\BBC.The.Human.Body.Complete.RoSubbed.DivX.THx

2013-07-25 12:00 - 2013-07-25 12:01 - 00000000 ____D C:\Users\Mioara\Desktop\VA - Big Italian Music Album [TFM]

2013-07-14 04:45 - 2013-07-14 04:45 - 00501248 _____ (Facebook Inc.) C:\Users\Mioara\Downloads\FacebookVideoCallSetup_v1.2.205.0 (1).exe
 

==================== One Month Modified Files and Folders =======
 

2013-08-12 19:29 - 2013-08-12 19:29 - 00000000 ____D C:\FRST

2013-08-12 08:55 - 2013-07-29 11:33 - 00000004 _____ C:\Users\Mioara\AppData\Roaming\cache.ini

2013-08-12 08:55 - 2013-01-22 13:30 - 00045056 _____ C:\Windows\System32\acovcnt.exe

2013-08-12 08:55 - 2013-01-22 13:15 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-12 08:55 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-12 08:54 - 2009-07-13 20:39 - 00050016 _____ C:\Windows\setupact.log

2013-08-12 07:09 - 2009-07-13 20:34 - 00014192 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-12 07:09 - 2009-07-13 20:34 - 00014192 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-05 10:01 - 2013-01-23 17:16 - 00659526 _____ C:\Windows\WindowsUpdate.log

2013-08-05 10:01 - 2013-01-22 13:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-05 10:00 - 2013-01-22 13:15 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-02 22:40 - 2009-11-10 21:43 - 00729268 _____ C:\Windows\System32\PerfStringBackup.INI

2013-07-29 11:30 - 2013-07-29 11:28 - 00000000 ____D C:\Program Files\The KMPlayer

2013-07-29 11:29 - 2013-07-29 11:29 - 00000997 _____ C:\Users\Mioara\Desktop\KMPlayer.lnk

2013-07-29 11:21 - 2013-07-29 11:10 - 00004856 _____ C:\Windows\System32\TmInstall.log

2013-07-29 11:20 - 2013-01-22 13:36 - 00000000 ____D C:\Program Files\Yahoo!

2013-07-29 11:20 - 2013-01-22 13:29 - 00254676 _____ C:\Windows\PFRO.log

2013-07-29 11:20 - 2009-07-13 20:33 - 00266808 _____ C:\Windows\System32\FNTCACHE.DAT

2013-07-29 11:19 - 2013-06-04 01:35 - 00000000 ____D C:\Users\Mioara\AppData\Roaming\uTorrent

2013-07-29 11:18 - 2013-01-22 13:37 - 00000000 ____D C:\ProgramData\Yahoo!

2013-07-29 11:17 - 2013-06-07 10:06 - 00000000 ____D C:\ProgramData\contineuuetyosave

2013-07-29 11:17 - 2013-01-26 06:12 - 00000000 ____D C:\Windows\System32\SupportAppZXH

2013-07-29 11:16 - 2013-06-04 03:10 - 00000000 ____D C:\Users\Mioara\AppData\Roaming\BSplayer

2013-07-29 11:16 - 2013-06-04 03:10 - 00000000 ____D C:\Program Files\Webteh

2013-07-29 11:16 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2013-07-29 11:13 - 2013-06-07 10:06 - 00000000 ____D C:\ProgramData\InstallMate

2013-07-29 11:12 - 2013-06-07 10:07 - 00000000 ____D C:\ProgramData\SearchNewTab

2013-07-29 11:10 - 2013-01-22 13:24 - 00000000 ____D C:\ProgramData\Trend Micro

2013-07-29 10:50 - 2013-07-29 10:50 - 00000000 ____D C:\Program Files\PANDORA.TV

2013-07-29 10:49 - 2013-07-29 10:44 - 26039992 _____ C:\Users\Mioara\Downloads\KMPlayer_3.5.0.77.exe

2013-07-28 10:23 - 2013-01-22 13:59 - 00000000 ____D C:\Users\Mioara\AppData\Roaming\Skype

2013-07-28 10:13 - 2013-07-28 10:11 - 00000000 ____D C:\Users\Mioara\Desktop\BBC.The.Human.Body.Complete.RoSubbed.DivX.THx

2013-07-25 12:01 - 2013-07-25 12:00 - 00000000 ____D C:\Users\Mioara\Desktop\VA - Big Italian Music Album [TFM]

2013-07-25 09:56 - 2013-05-02 05:23 - 00000000 ____D C:\Users\Mioara\AppData\Local\Microsoft Games

2013-07-23 09:18 - 2013-01-22 14:11 - 00000000 ____D C:\Users\Mioara\AppData\Roaming\Winamp

2013-07-15 11:26 - 2013-01-22 13:09 - 00000000 ____D C:\Program Files\ASUS

2013-07-15 10:24 - 2013-01-22 13:15 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-07-15 10:24 - 2013-01-22 13:15 - 00003630 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-07-14 13:31 - 2013-01-22 14:15 - 00002048 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-07-14 04:45 - 2013-07-14 04:45 - 00501248 _____ (Facebook Inc.) C:\Users\Mioara\Downloads\FacebookVideoCallSetup_v1.2.205.0 (1).exe
 

Files to move or delete:

====================

C:\Users\Mioara\AppData\Roaming\cache.dat

C:\Users\Mioara\AppData\Roaming\cache.ini
 

==================== Known DLLs (Whitelisted) ================
 

C:\Windows\SysWOW64\clbcatq.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\COMDLG32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\IMAGEHLP.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\IMM32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\LPK.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\MSCTF.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\MSVCRT.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\NORMALIZ.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\NSI.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\OLEAUT32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\PSAPI.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\sechost.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\Setupapi.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\SHELL32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\SHLWAPI.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\USP10.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\WININET.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\WLDAP32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\WS2_32.dll IS MISSING <==== ATTENTION!

C:\Windows\SysWOW64\DifxApi.dll IS MISSING <==== ATTENTION!
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe

[2009-07-13 15:37] - [2009-07-13 17:14] - 0285696 ____A (Microsoft Corporation) 8EC6A4AB12B8F3759E21F8E3A388F2CF
 

C:\Windows\System32\wininit.exe

[2009-07-13 15:36] - [2009-07-13 17:14] - 0096256 ____A (Microsoft Corporation) B5C5DCAD3899512020D135600129D665
 

C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.

C:\Windows\explorer.exe

[2009-11-10 21:41] - [2009-08-02 21:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047
 

C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\svchost.exe

[2009-07-13 15:19] - [2009-07-13 17:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866
 

C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
 

C:\Windows\System32\User32.dll

[2009-07-13 15:24] - [2009-07-13 17:16] - 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861
 

C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.

C:\Windows\System32\userinit.exe

[2009-07-13 15:34] - [2009-07-13 17:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175
 

C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.

C:\Windows\System32\Drivers\volsnap.sys

[2009-07-13 15:11] - [2009-07-13 17:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD
 
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 

Restore point made on: 2013-07-28 03:29:56

Restore point made on: 2013-07-29 11:14:44

Restore point made on: 2013-07-29 11:15:47

Restore point made on: 2013-07-29 11:17:12
 

==================== Memory info =========================== 
 

Percentage of memory in use: 14%

Total physical RAM: 3690.78 MB

Available physical RAM: 3147.91 MB

Total Pagefile: 3688.98 MB

Available Pagefile: 3137.03 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:47.9 GB) (Free:26.75 GB) NTFS (Disk=0 Partition=2)

Drive e: () (Fixed) (Total:250.09 GB) (Free:198.05 GB) NTFS (Disk=0 Partition=3)

Drive f: () (Removable) (Total:7.45 GB) (Free:4.28 GB) NTFS (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1)
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 000A138B)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=48 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=250 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7 GB) (Disk ID: 00000000)

Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS)
 
 

LastRegBack: 2013-08-02 22:53
 

==================== End Of Log ============================