Trojaner-Board - EXP/Pidief.cke

Danke für die schnelle Antwort.
so die DDS Txt kommt hier:

.DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSAMD64 

Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_30

Run by audiomesh at 18:48:20 on 2012-03-14

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4010.2562 [GMT 1:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\windows\system32\conhost.exe

C:\windows\servicing\TrustedInstaller.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\windows\WebCam\S6000\S6000Mnt.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Realtek\RtLED\RtLEDService.exe

C:\Program Files\Realtek\RtLED\RtLED.exe

C:\windows\system32\sppsvc.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\SearchFilterHost.exe

C:\Users\audiomesh\Downloads\Defogger.exe

C:\windows\system32\conhost.exe

\\?\C:\windows\system32\wbem\WMIADAP.EXE

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

mStart Page = hxxp://lenovo.msn.com

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [S6000Mnt] C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Program Files (x86)\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BF0585B2-8071-4599-8298-F273A10CC53A} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BF0585B2-8071-4599-8298-F273A10CC53A}\D65696E696560213 : DhcpNameServer = 192.168.2.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{53707962-6F74-2D53-2644-206D7942484F}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

mRun-x64: [S6000Mnt] C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\audiomesh\AppData\Roaming\Mozilla\Firefox\Profiles\nakvp20h.default\

FF - prefs.js: browser.startup.homepage - www.kvraudio.com

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]

R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]

R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]

R1 avkmgr;avkmgr;C:\windows\system32\DRIVERS\avkmgr.sys --> C:\windows\system32\DRIVERS\avkmgr.sys [?]

R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-28 86224]

R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-12-28 110032]

R2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]

R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-5 5739008]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-29 2009704]

R2 RtLedService;RtLedService Installer;C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-9-30 311296]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-12 1153368]

R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-29 2656280]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]

R3 IntcDAud;Intel(R) Display-Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\system32\DRIVERS\LEqdUsb.Sys --> C:\windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\system32\DRIVERS\LHidEqd.Sys --> C:\windows\system32\DRIVERS\LHidEqd.Sys [?]

R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 NIWinCDEmu;ISO Mounter driver;C:\windows\system32\DRIVERS\NIWinCDEmu.sys --> C:\windows\system32\DRIVERS\NIWinCDEmu.sys [?]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 S6000KNT;S6000KNT_WebCam Driver;C:\windows\system32\Drivers\S6000KNT.sys --> C:\windows\system32\Drivers\S6000KNT.sys [?]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys --> C:\windows\system32\DRIVERS\ssudbus.sys [?]

S3 gbxavs;Maschine Midi;C:\windows\system32\Drivers\gbxavs.sys --> C:\windows\system32\Drivers\gbxavs.sys [?]

S3 gbxusb_svc;Maschine Controller;C:\windows\system32\Drivers\gbxusb.sys --> C:\windows\system32\Drivers\gbxusb.sys [?]

S3 KORGUMDS;KORG USB-MIDI Driver for Windows;C:\windows\system32\Drivers\KORGUM64.SYS --> C:\windows\system32\Drivers\KORGUM64.SYS [?]

S3 RDID1042;PCR-1;C:\windows\system32\Drivers\rdwm1042.sys --> C:\windows\system32\Drivers\rdwm1042.sys [?]

S3 RDID1043;PCR-1 MIDI;C:\windows\system32\Drivers\rdwm1043.sys --> C:\windows\system32\Drivers\rdwm1043.sys [?]

S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\windows\system32\DRIVERS\sscebus.sys --> C:\windows\system32\DRIVERS\sscebus.sys [?]

S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\windows\system32\DRIVERS\sscemdfl.sys --> C:\windows\system32\DRIVERS\sscemdfl.sys [?]

S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\windows\system32\DRIVERS\sscemdm.sys --> C:\windows\system32\DRIVERS\sscemdm.sys [?]

S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);C:\windows\system32\DRIVERS\ssceserd.sys --> C:\windows\system32\DRIVERS\ssceserd.sys [?]

S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys --> C:\windows\system32\DRIVERS\ssudmdm.sys [?]

S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudserd.sys --> C:\windows\system32\DRIVERS\ssudserd.sys [?]

S3 SynUSB64;eLicenser;C:\windows\system32\DRIVERS\SynUSB64.sys --> C:\windows\system32\DRIVERS\SynUSB64.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-03-12 18:48:38        --------        d-----w-        C:\Users\audiomesh\AppData\Roaming\Malwarebytes

2012-03-12 18:48:18        --------        d-----w-        C:\ProgramData\Malwarebytes

2012-03-12 18:48:17        23152        ----a-w-        C:\windows\System32\drivers\mbam.sys

2012-03-12 18:48:16        --------        d-----w-        C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-12 16:29:03        --------        d-----w-        C:\ProgramData\Spybot - Search & Destroy

2012-03-12 16:29:03        --------        d-----w-        C:\Program Files (x86)\Spybot - Search & Destroy

2012-02-19 02:20:24        --------        d-----w-        C:\ProgramData\Solidshield

2012-02-19 02:20:22        --------        d-----w-        C:\ProgramData\Electronic Arts

2012-02-19 02:20:22        --------        d-----w-        C:\ProgramData\EA Core

2012-02-19 01:57:25        2582888        ----a-w-        C:\windows\System32\D3DCompiler_42.dll

2012-02-19 01:57:25        1974616        ----a-w-        C:\windows\SysWow64\D3DCompiler_42.dll

2012-02-19 01:57:24        5554512        ----a-w-        C:\windows\System32\d3dcsx_42.dll

2012-02-19 01:57:24        5501792        ----a-w-        C:\windows\SysWow64\d3dcsx_42.dll

2012-02-19 01:57:24        285024        ----a-w-        C:\windows\System32\d3dx11_42.dll

2012-02-19 01:57:24        235344        ----a-w-        C:\windows\SysWow64\d3dx11_42.dll

2012-02-19 01:57:23        2475352        ----a-w-        C:\windows\System32\D3DX9_42.dll

2012-02-19 01:57:23        1892184        ----a-w-        C:\windows\SysWow64\D3DX9_42.dll

2012-02-18 20:03:52        --------        d-----w-        C:\Users\audiomesh\AppData\Local\Corel

2012-02-18 20:03:25        952        --sha-w-        C:\ProgramData\KGyGaAvL.sys

2012-02-18 19:57:50        --------        d-----w-        C:\Program Files (x86)\Common Files\Protexis

2012-02-18 19:57:45        --------        d-----w-        C:\Program Files (x86)\Corel

2012-02-18 19:57:45        --------        d-----w-        C:\Program Files (x86)\Common Files\Corel

.

==================== Find3M  ====================

.

2012-02-27 09:12:00        144        ----a-w-        C:\windows\SysWow64\msvcsv60.dll

2012-02-27 09:12:00        128        ----a-w-        C:\Users\audiomesh\AppData\Roaming\msregsvv.dll

2012-02-22 14:49:56        414368        ----a-w-        C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-19 15:56:03        111696        ----a-w-        C:\windows\System32\drivers\NIWinCDEmu.sys

2012-01-03 10:51:34        128        ----a-w-        C:\windows\System32\msvcsv60.dll

2012-01-03 09:21:25        2892        ----a-w-        C:\windows\SysWow64\audcon.sys

2011-12-30 19:26:55        39008        ----a-w-        C:\windows\System32\drivers\LhdX64.sys

2011-12-30 19:26:55        19872        ----a-w-        C:\windows\System32\LenovoSDKEmSubSystem.dll

2011-12-29 20:20:57        0        ---ha-w-        C:\Users\audiomesh\AppData\Roaming\.C2E86F5228CEB20A.sys

2011-12-29 18:12:05        667        ----a-w-        C:\Users\audiomesh\sc3.tmp

2011-12-28 20:12:20        18960        ----a-w-        C:\windows\System32\drivers\LNonPnP.sys

.

============= FINISH: 18:49:03,91 ===============
--- --- ---

Der Rest ist im Anhang. Ich hoffe ich hab jetzt alles richtig geschnallt.
Danke