So, I followed the instructions exactly, closed everything and also disabled the Windows Firewall and Avira AntiVir (and even killed processes via expert mode). ComboFix did say AntiVir was still active, but it worked anyway.
Here is the log file "Combofix.txt"
Code:
ComboFix 12-01-26.01 - Tim 26.01.2012 16:48:35.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8191.6737 [GMT 1:00]
ausgeführt von:: c:\users\Tim\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoodsdddd\1.4.17.11\dddd.exe
c:\program files (x86)\LP
c:\program files (x86)\LP\0010\4E21.tmp
c:\program files (x86)\LP\0010\55D2.tmp
c:\program files (x86)\LP\0010\5642.tmp
c:\program files (x86)\LP\0010\8C59.tmp
c:\program files (x86)\LP\0010\966B.tmp
c:\program files (x86)\LP\0010\CC83.tmp
c:\program files (x86)\LP\0010\D5CC.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-26 bis 2012-01-26 ))))))))))))))))))))))))))))))
.
.
2012-01-26 15:50 . 2012-01-26 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-26 15:46 . 2012-01-26 15:46 -------- d-----w- c:\users\Tim\AppData\Roaming\Avira
2012-01-25 20:32 . 2012-01-25 20:38 -------- d-----w- C:\_OTL
2012-01-25 17:13 . 2012-01-25 17:13 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes
2012-01-25 17:12 . 2012-01-25 17:12 -------- d-----w- c:\programdata\Malwarebytes
2012-01-25 17:12 . 2012-01-25 17:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-25 17:12 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 19:17 . 2012-01-25 17:25 -------- d-----w- c:\program files (x86)\F078A
2012-01-24 19:16 . 2012-01-25 18:53 -------- d-----w- c:\users\Tim\AppData\Roaming\067F0
2012-01-24 14:47 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACDA49D7-47DC-4742-8542-05E6ACF593A5}\mpengine.dll
2012-01-14 06:41 . 2012-01-14 06:41 -------- d-----w- c:\program files (x86)\Easy-Shutdown
2012-01-14 06:41 . 2012-01-14 06:41 -------- d-----w- c:\windows\uninstall
2012-01-11 15:35 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 15:35 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 15:34 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 15:34 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 15:34 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 15:34 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 15:22 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 15:22 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 16:19 . 2012-01-10 16:30 -------- d-----w- c:\program files (x86)\MP3Gain
2012-01-09 20:26 . 2012-01-09 20:29 -------- d-----w- c:\program files (x86)\SpeedFan
2012-01-08 12:47 . 2012-01-08 12:47 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-08 12:47 . 2012-01-08 12:47 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-08 12:47 . 2012-01-08 12:47 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-08 12:47 . 2012-01-08 12:47 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-17 14:52 . 2011-12-17 14:52 12904 ----a-w- c:\windows\system32\drivers\mv2.sys
2011-12-17 14:52 . 2011-12-17 14:52 27240 ----a-w- c:\windows\system32\mv2.dll
2011-12-15 10:02 . 2011-10-03 11:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 18:32 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2011-10-03 10:18 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 05:32 . 2011-12-14 18:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 18:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-10-31 17:38 . 2011-10-31 17:38 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-10-03 15:43 . 2008-08-11 13:24 6389760 ----a-w- c:\program files (x86)\Multidecoder.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RivaTuner.lnk - c:\program files (x86)\RivaTuner v2.24 (2009)\RivaTunerWrapper.exe [2009-8-22 24576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files (x86)\Edimax\Common\RaUI.exe [2011-10-3 1617920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2011-05-18 2169592]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Edimax\Common\RaRegistry64.exe [2009-10-06 212256]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 ALSysIO;ALSysIO;c:\users\Tim\AppData\Local\Temp\ALSysIO64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [x]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 (2009)\RivaTuner64.sys [2011-10-04 19952]
S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24 (2009)\RivaTunerWrapper.exe" [2009-08-22 24576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uInternet Settings,ProxyServer = http=127.0.0.1:50182
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\rkhorf1z.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about :home
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50182
FF - prefs.js: network.proxy.type - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1348303554-1960285835-3578576916-1000\Software\SecuROM\License information*]
"datasecu"=hex:d3,0f,1f,22,be,9d,7f,d5,6e,da,5b,0d,89,68,f1,85,af,78,8f,31,b2,
06,55,b1,26,e5,9a,0c,2e,39,a2,35,47,77,5c,71,d4,a5,0f,5e,39,ce,63,68,b0,38,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-26 16:52:17
ComboFix-quarantined-files.txt 2012-01-26 15:52
.
Vor Suchlauf: 9 Verzeichnis(se), 12.209.434.624 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 12.097.150.976 Bytes frei
.
- - End Of File - - 94E01C5BF25844EAB6853A0AB5D5ACF1