Pests of all kinds and how to fight them: EXP/Pidief.cke, Windows 7

#3

EXP/Pidief.cke

Thanks for the quick reply.

So here is the DDS txt:

DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by audiomesh at 18:48:20 on 2012-03-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4010.2562 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\windows\WebCam\S6000\S6000Mnt.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Realtek\RtLED\RtLEDService.exe
C:\Program Files\Realtek\RtLED\RtLED.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\audiomesh\Downloads\Defogger.exe
C:\windows\system32\conhost.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
mStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [S6000Mnt] C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Program Files (x86)\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BF0585B2-8071-4599-8298-F273A10CC53A} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BF0585B2-8071-4599-8298-F273A10CC53A}\D65696E696560213 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{53707962-6F74-2D53-2644-206D7942484F}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [S6000Mnt] C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\audiomesh\AppData\Roaming\Mozilla\Firefox\Profiles\nakvp20h.default\
FF - prefs.js: browser.startup.homepage - www.kvraudio.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R1 avkmgr;avkmgr;C:\windows\system32\DRIVERS\avkmgr.sys --> C:\windows\system32\DRIVERS\avkmgr.sys [?]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-28 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-12-28 110032]
R2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-5 5739008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-29 2009704]
R2 RtLedService;RtLedService Installer;C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-9-30 311296]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-12 1153368]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-29 2656280]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel(R) Display-Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\system32\DRIVERS\LEqdUsb.Sys --> C:\windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\system32\DRIVERS\LHidEqd.Sys --> C:\windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NIWinCDEmu;ISO Mounter driver;C:\windows\system32\DRIVERS\NIWinCDEmu.sys --> C:\windows\system32\DRIVERS\NIWinCDEmu.sys [?]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 S6000KNT;S6000KNT_WebCam Driver;C:\windows\system32\Drivers\S6000KNT.sys --> C:\windows\system32\Drivers\S6000KNT.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys --> C:\windows\system32\DRIVERS\ssudbus.sys [?]
S3 gbxavs;Maschine Midi;C:\windows\system32\Drivers\gbxavs.sys --> C:\windows\system32\Drivers\gbxavs.sys [?]
S3 gbxusb_svc;Maschine Controller;C:\windows\system32\Drivers\gbxusb.sys --> C:\windows\system32\Drivers\gbxusb.sys [?]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;C:\windows\system32\Drivers\KORGUM64.SYS --> C:\windows\system32\Drivers\KORGUM64.SYS [?]
S3 RDID1042;PCR-1;C:\windows\system32\Drivers\rdwm1042.sys --> C:\windows\system32\Drivers\rdwm1042.sys [?]
S3 RDID1043;PCR-1 MIDI;C:\windows\system32\Drivers\rdwm1043.sys --> C:\windows\system32\Drivers\rdwm1043.sys [?]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\windows\system32\DRIVERS\sscebus.sys --> C:\windows\system32\DRIVERS\sscebus.sys [?]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\windows\system32\DRIVERS\sscemdfl.sys --> C:\windows\system32\DRIVERS\sscemdfl.sys [?]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\windows\system32\DRIVERS\sscemdm.sys --> C:\windows\system32\DRIVERS\sscemdm.sys [?]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);C:\windows\system32\DRIVERS\ssceserd.sys --> C:\windows\system32\DRIVERS\ssceserd.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys --> C:\windows\system32\DRIVERS\ssudmdm.sys [?]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudserd.sys --> C:\windows\system32\DRIVERS\ssudserd.sys [?]
S3 SynUSB64;eLicenser;C:\windows\system32\DRIVERS\SynUSB64.sys --> C:\windows\system32\DRIVERS\SynUSB64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-12 18:48:38 -------- d-----w- C:\Users\audiomesh\AppData\Roaming\Malwarebytes
2012-03-12 18:48:18 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-12 18:48:17 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-12 18:48:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-12 16:29:03 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-12 16:29:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-19 02:20:24 -------- d-----w- C:\ProgramData\Solidshield
2012-02-19 02:20:22 -------- d-----w- C:\ProgramData\Electronic Arts
2012-02-19 02:20:22 -------- d-----w- C:\ProgramData\EA Core
2012-02-19 01:57:25 2582888 ----a-w- C:\windows\System32\D3DCompiler_42.dll
2012-02-19 01:57:25 1974616 ----a-w- C:\windows\SysWow64\D3DCompiler_42.dll
2012-02-19 01:57:24 5554512 ----a-w- C:\windows\System32\d3dcsx_42.dll
2012-02-19 01:57:24 5501792 ----a-w- C:\windows\SysWow64\d3dcsx_42.dll
2012-02-19 01:57:24 285024 ----a-w- C:\windows\System32\d3dx11_42.dll
2012-02-19 01:57:24 235344 ----a-w- C:\windows\SysWow64\d3dx11_42.dll
2012-02-19 01:57:23 2475352 ----a-w- C:\windows\System32\D3DX9_42.dll
2012-02-19 01:57:23 1892184 ----a-w- C:\windows\SysWow64\D3DX9_42.dll
2012-02-18 20:03:52 -------- d-----w- C:\Users\audiomesh\AppData\Local\Corel
2012-02-18 20:03:25 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-02-18 19:57:50 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis
2012-02-18 19:57:45 -------- d-----w- C:\Program Files (x86)\Corel
2012-02-18 19:57:45 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
.
==================== Find3M ====================
.
2012-02-27 09:12:00 144 ----a-w- C:\windows\SysWow64\msvcsv60.dll
2012-02-27 09:12:00 128 ----a-w- C:\Users\audiomesh\AppData\Roaming\msregsvv.dll
2012-02-22 14:49:56 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-19 15:56:03 111696 ----a-w- C:\windows\System32\drivers\NIWinCDEmu.sys
2012-01-03 10:51:34 128 ----a-w- C:\windows\System32\msvcsv60.dll
2012-01-03 09:21:25 2892 ----a-w- C:\windows\SysWow64\audcon.sys
2011-12-30 19:26:55 39008 ----a-w- C:\windows\System32\drivers\LhdX64.sys
2011-12-30 19:26:55 19872 ----a-w- C:\windows\System32\LenovoSDKEmSubSystem.dll
2011-12-29 20:20:57 0 ---ha-w- C:\Users\audiomesh\AppData\Roaming\.C2E86F5228CEB20A.sys
2011-12-29 18:12:05 667 ----a-w- C:\Users\audiomesh\sc3.tmp
2011-12-28 20:12:20 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
.
============= FINISH: 18:49:03,91 ===============

The rest is in the attachment. I hope I've got everything right this time. Thanks