Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Live Security Platinum - Wie Entfernen ?

Live Security Platinum - Wie Entfernen ?


Plagegeister aller Art und deren Bekämpfung: Live Security Platinum - Wie Entfernen ?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 26.07.2012, 21:03   #1
uli_lu
 
Live Security Platinum - Wie Entfernen ? - Standard

Live Security Platinum - Wie Entfernen ?


Hallo Zusammen,

ich habe mir auf meinem Windows 7 Netbook den o.g. Virus eingefangen.
Ich habe die diversen Threads zum Thema hier gelesen und habe
folgendes bereits ausgeführt:
- defogger
- otl
- gmer

ich hoffe ich habe das soweit richtig gemacht, oder hätte ich Malwarebytes vorher ausführen müssen?

Vielen Dank für Euere Hilfe
Uli

hier noch das otl-log; die anderen logs als anhang

OTL logfile created on: 26.07.2012 20:35:42 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Uli\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1011,87 Mb Total Physical Memory | 626,00 Mb Available Physical Memory | 61,87% Memory free
1,99 Gb Paging File | 1,63 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,68 Gb Total Space | 169,09 Gb Free Space | 78,40% Space Free | Partition Type: NTFS
Drive D: | 4,10 Gb Total Space | 2,59 Gb Free Space | 63,33% Space Free | Partition Type: FAT32

Computer Name: ULI-PC | User Name: Uli | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.26 20:32:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Uli\Desktop\OTL.exe
PRC - [2012.06.02 11:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012.07.20 22:53:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.12 22:51:02 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.11.02 14:43:44 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Programme\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.14 13:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.03.07 10:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Programme\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.22 21:01:08 | 000,739,944 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011.01.31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.09.28 03:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Programme\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010.09.23 01:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 23:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.02 00:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.11.18 18:08:32 | 000,188,840 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Programme\M-net\Sicherheitspaket\Common\FSMA32.EXE -- (FSMA)
SRV - [2009.11.18 18:07:30 | 000,524,712 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Programme\M-net\Sicherheitspaket\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2009.11.18 18:06:20 | 000,221,608 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Programme\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009.04.20 18:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)


========== Driver Services (SafeList) ==========

DRV - [2012.05.29 19:27:00 | 000,149,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012.05.09 14:13:34 | 000,044,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts)
DRV - [2012.02.22 16:43:01 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2011.11.02 15:04:35 | 000,041,552 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.05.12 13:22:14 | 000,062,048 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2011.05.12 13:22:14 | 000,019,304 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2011.05.12 13:22:14 | 000,016,744 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2011.03.07 05:46:26 | 000,252,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.08 21:15:28 | 007,430,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2009.11.18 18:08:18 | 000,069,928 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Programme\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009.11.18 18:07:30 | 000,072,904 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009.11.18 18:06:22 | 000,014,248 | ---- | M] () [Kernel | System | Stopped] -- C:\Programme\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.09 14:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008.10.09 14:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008.10.09 14:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\M-net\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012.07.13 16:11:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011.12.18 15:51:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 22:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.10 22:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 22:53:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.09.03 18:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uli\AppData\Roaming\mozilla\Extensions
[2012.05.03 09:39:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uli\AppData\Roaming\mozilla\Firefox\Profiles\v45njmym.default\extensions
[2012.03.23 15:34:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.20 22:53:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.04 22:24:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.04 22:24:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.04 22:24:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.04 22:24:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.04 22:24:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.04 22:24:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\M-net\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [Norton Online Backup] C:\Programme\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Uli\AppData\Local\Apps\2.0\CVTD8EZQ.5NJ\7265Z7MK.03Y\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\RunOnce: [6C82D128000117EA0055131AF875F020] C:\ProgramData\6C82D128000117EA0055131AF875F020\6C82D128000117EA0055131AF875F020.exe ()
O4 - Startup: C:\Users\Uli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07CB6C9D-6369-4E78-A154-F06D751B8D69}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{551CCC67-58ED-4543-8D89-02AB0C9B7578}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FFBFED2-2E72-4757-9463-108CB0E9F941}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.26 20:33:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Uli\Desktop\OTL.exe
[2012.07.25 22:05:58 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.07.25 22:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\6C82D128000117EA0055131AF875F020
[2012.07.19 22:52:27 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Local\webkit
[2012.07.14 23:18:52 | 000,000,000 | ---D | C] -- C:\Users\Uli\.gimp-2.6
[2012.07.14 23:18:51 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Local\gegl-0.1
[2012.07.14 23:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.07.14 11:41:49 | 000,000,000 | ---D | C] -- C:\Users\Uli\Documents\nvu
[2012.07.13 23:02:27 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Roaming\Nvu
[2012.07.13 23:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu
[2012.07.13 23:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Nvu

========== Files - Modified Within 30 Days ==========

[2012.07.26 20:32:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Uli\Desktop\OTL.exe
[2012.07.26 20:31:20 | 000,000,000 | ---- | M] () -- C:\Users\Uli\defogger_reenable
[2012.07.26 20:13:51 | 000,661,500 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.26 20:13:51 | 000,623,382 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.26 20:13:51 | 000,133,230 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.26 20:13:51 | 000,109,620 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.26 20:09:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 20:09:26 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 22:05:57 | 000,002,024 | ---- | M] () -- C:\Users\Uli\Desktop\Live Security Platinum.lnk
[2012.07.25 21:50:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.24 20:20:58 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 20:20:57 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 23:23:38 | 000,000,841 | ---- | M] () -- C:\Users\Uli\AppData\Local\recently-used.xbel
[2012.07.14 23:17:49 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012.07.14 21:39:05 | 000,284,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.13 23:02:08 | 000,000,859 | ---- | M] () -- C:\Users\Uli\Desktop\Nvu.lnk

========== Files Created - No Company Name ==========

[2012.07.26 20:31:20 | 000,000,000 | ---- | C] () -- C:\Users\Uli\defogger_reenable
[2012.07.25 22:05:57 | 000,002,024 | ---- | C] () -- C:\Users\Uli\Desktop\Live Security Platinum.lnk
[2012.07.19 23:23:38 | 000,000,841 | ---- | C] () -- C:\Users\Uli\AppData\Local\recently-used.xbel
[2012.07.14 23:17:49 | 000,001,055 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.07.14 23:17:49 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012.07.13 23:02:08 | 000,000,859 | ---- | C] () -- C:\Users\Uli\Desktop\Nvu.lnk
[2012.01.11 14:28:22 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{0d034e4b-e90c-88fa-2301-80daa8db516f}\@
[2012.01.11 14:28:22 | 000,002,048 | -HS- | C] () -- C:\Users\Uli\AppData\Local\{0d034e4b-e90c-88fa-2301-80daa8db516f}\@
[2011.12.18 15:49:44 | 000,065,536 | ---- | C] () -- C:\Users\Uli\1031.MST
[2011.12.18 15:49:39 | 046,093,312 | ---- | C] () -- C:\Users\Uli\Vodafone Mobile Connect.msi
[2011.11.02 14:38:49 | 000,044,184 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2011.07.15 15:51:44 | 000,661,500 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.07.15 15:51:44 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.07.15 15:51:44 | 000,133,230 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.07.15 15:51:44 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.05.12 12:39:00 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.05.12 12:34:53 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2011.05.12 12:34:53 | 000,029,494 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT
[2011.05.12 12:34:53 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011.05.12 12:34:53 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2011.05.12 12:34:53 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011.05.12 12:34:53 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011.05.12 12:34:53 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011.05.12 12:34:53 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2011.05.12 12:34:53 | 000,000,040 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011.05.12 12:34:52 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2011.05.12 12:31:42 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.04.09 14:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== LOP Check ==========

[2011.12.18 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Bytemobile
[2012.07.13 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Nvu
[2012.01.17 17:44:01 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\OpenOffice.org
[2012.07.23 23:47:48 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\SoftGrid Client
[2011.09.03 18:20:37 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Thunderbird
[2011.09.03 18:54:00 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\TP
[2011.12.18 16:01:43 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Vodafone
[2011.12.18 16:16:28 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Vodafone Mobile Connect
[2012.02.15 11:06:32 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Angehängte Dateien
Dateityp: 7z logfiles.7z (15,0 KB, 156x aufgerufen)

 

Themen zu Live Security Platinum - Wie Entfernen ?
.dll, adobe, adobe flash player, anschluss, autorun, bingbar, entfernen, explorer, flash player, launch, microsoft, phishing, plug-in, pmmupdate.exe, programme, rogue.livesecurityplatinum, rootkit.0access, searchscopes, security, symantec, trojan.lameshield, trojan.zaccess, vodafone, w32/zeroaccess.b, wie entfernen, win32/sirefef.fc, windows


« live security platinum eingefangen | Pop-Up Fenster (http://ad.adserverplus.com...) - Hilfe bei Malware-Installierung »


Ähnliche Themen: Live Security Platinum - Wie Entfernen ?


  1. troj zero acces in: Live Security Platinum und Microsoft\Security Center|
    Log-Analyse und Auswertung - 10.12.2012 (7)
  2. Live Security Platinum entfernen
    Log-Analyse und Auswertung - 04.10.2012 (31)
  3. Live Security Platinum komplett entfernen
    Plagegeister aller Art und deren Bekämpfung - 02.09.2012 (3)
  4. Live Security Platinum - vollständig entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.09.2012 (34)
  5. XP32: Live Security Platinum Infekt auf einem Account über ADMIN zu entfernen?
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (9)
  6. Entfernen von Live Security Platinum erfolgreich?
    Log-Analyse und Auswertung - 29.07.2012 (11)
  7. Log Files nach Entfernen von Live Security Platinum - Was muss ich nun noch tun?
    Log-Analyse und Auswertung - 27.07.2012 (9)
  8. Live Security Platinum entfernen
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (1)
  9. Live Security Platinum entfernen
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (1)
  10. Live Security Platinum wieder entfernen?
    Log-Analyse und Auswertung - 24.07.2012 (27)
  11. Live Security Platinum entfernen
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (1)
  12. Entfernen von Live Security Platinum erfolgreich? (inkl. Logs)
    Log-Analyse und Auswertung - 22.07.2012 (4)
  13. Live Security Platinum entfernen - hier mein Malwarebytes scan
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (1)
  14. Live Security Platinum entfernen
    Mülltonne - 18.07.2012 (0)
  15. Live Security Platinum-Trojaner, Verschlüsselungs-Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (1)
  16. Live Security Platinum lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  17. Live Security Platinum entfernen
    Anleitungen, FAQs & Links - 01.06.2012 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Live Security Platinum - Wie Entfernen ? - Hallo Zusammen, ich habe mir auf meinem Windows 7 Netbook den o.g. Virus eingefangen. Ich habe die diversen Threads zum Thema hier gelesen und habe folgendes bereits ausgeführt: - defogger - Live Security Platinum - Wie Entfernen ?...
Archiv
Du betrachtest: Live Security Platinum - Wie Entfernen ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131