Jetzt seh ich auch, dass ich Outlook nicht mehr starten kann:

"Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde."

Ich glaub, dass war auch der Text vorhin beim mobilen Internet.

Ich hoffe, dass ich, meine Unwissenheit und meine Naivität nicht zu lässtig und anstrengend sind.

Gruß

Starte Windows bitte neu. Es kann schonmal vorkommen, dass nach CF erst einige Sachen nach einem Neustart wieder so laufen wie sie laufen sollen.

Bitte nach dem Reboot dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Zitat:

Zitat von cosinus

Starte Windows bitte neu. Es kann schonmal vorkommen, dass nach CF erst einige Sachen nach einem Neustart wieder so laufen wie sie laufen sollen.

Stimmt! Heute funktioniert wieder alles!

Hab das mit dem tdsskiller gemacht! Hat aber nix gefunden!

Gruß Karin

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

• Doppelklick auf die MBRCheck.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Das Tool braucht nur wenige Sekunden.
• Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

GMER Logfile:

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-25 20:48:29
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBDO
Running: eo1vn5je.exe; Driver: C:\Users\Karin\AppData\Local\Temp\pwtoqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\DRIVERS\tos_sps32.sys  section is writeable [0x8BD58000, 0x4036D, 0xE8000020]
.dsrt  C:\Windows\system32\DRIVERS\tos_sps32.sys  unknown last section [0x8BDA1000, 0x510, 0x40000040]

---- EOF - GMER 1.0.15 ----
         

--- --- ---

HILFE!

Hab keine Ahnung wie ich osam_autorun_manager_version_portable.rar entpacken könnte!

lg

Ok....manchmal stell ich mich echt dumm an, ich weiß!
Habs geschaft, mach jetzt den Scan!

lg

OSAM Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 07:28:22 on 26.03.2011

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.18

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\KASPER~3\mzvkbd3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"RegistryBooster.job" - "Uniblue Systems Limited" - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"TOSCDSPD.cpl" - ? - C:\Windows\system32\TOSCDSPD.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Logitech AEC Driver" (LVcKap) - ? - C:\Windows\System32\DRIVERS\LVcKap.sys  (File not found)
"Logitech LVPr2Mon Driver" (LVPr2Mon) - ? - C:\Windows\System32\DRIVERS\LVPr2Mon.sys  (File not found)
"Logitech Machine Vision Engine Loader" (LVMVDrv) - ? - C:\Windows\System32\DRIVERS\LVMVDrv.sys  (File not found)
"Logitech QuickCam Express(PID_0928)" (PID_0928) - ? - C:\Windows\System32\DRIVERS\LV561AV.SYS  (File not found)
"Logitech USB Monitor Filter" (LVUSBSta) - ? - C:\Windows\System32\drivers\lvusbsta.sys  (File not found)
"Symantec Intrusion Prevention Driver" (IDSvix86) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"Tosrfcom" (Tosrfcom) - ? - C:\Windows\system32\drivers\Tosrfcom.sys  (File not found)
"Touch Pad Detection Filter driver" (TpChoice) - ? - C:\Windows\System32\DRIVERS\TpChoice.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -   (File not found | COM-object registry key not found) / file:///C:/Windows/Java/classes/xmldso.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://gamenextde.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll / hxxp://game10.zylom.com/activex/zylomgamesplayer.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
"Amazon.de" - ? - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home  (HTTP value)
"eBay" - ? - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/  (HTTP value)
"eBay - Der weltweite Online Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4  (HTTP value)
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Scanner Finder.lnk" - ? - C:\Program Files\ScanWizard 5\ScannerFinder.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"RegistryBooster" - "Uniblue Systems Limited" - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
"Corel Photo Downloader" - "Corel, Inc." - "C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
"HWSetup" - ? - \HWSetup.exe hwSetUP  (File not found)
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"KeNotify" - ? - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
"NDSTray.exe" - ? - NDSTray.exe  (File not found)
"PCSuiteTrayApplication" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SVPWUTIL" - "TOSHIBA" - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
"topi" - "TOSHIBA" - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"Toshiba Registration" - "Toshiba" - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
"tsnpstd3" - "SONIX" - C:\Windows\tsnpstd3.exe
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CutePDF Writer Monitor" - ? - C:\Windows\system32\cpwmon2k.dll  (File found, but it contains no detailed information)
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - ? - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe  (File not found)
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Symantec AppCore Service" (SymAppCore) - ? - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"  (File not found)
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - ? - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe  (File not found)
"TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
"Windows Live Setup Service" (WLSetupSvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

So und das sit der MBRCheck!

LG

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/27/2011 at 11:00 AM

Application Version : 4.50.1002

Core Rules Database Version : 6683
Trace Rules Database Version: 4495

Scan type : Complete Scan
Total Scan Time : 03:01:54

Memory items scanned : 755
Memory threats detected : 0
Registry items scanned : 19954
Registry threats detected : 0
File items scanned : 202050
File threats detected : 35

Adware.Tracking Cookie
C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Cookies\karin@adtech[1].txt
C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Cookies\karin@atdmt[1].txt
C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Cookies\karin@tradedoubler[1].txt
C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Cookies\karin@247realmedia[1].txt
C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Cookies\karin@maxis.112.2o7[1].txt
C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Cookies\karin@msnportal.112.2o7[1].txt
C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Cookies\karin@bs.serving-sys[2].txt
C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Cookies\karin@doubleclick[1].txt
C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Cookies\karin@serving-sys[1].txt
69.memecounter.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
asset1.countrylife.joyeurs.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
asset2.countrylife.joyeurs.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
c2.zedo.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
cdn-www.pornhub.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
cdn.media.zylom.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
cdn5.specificclick.net [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
countrylife.joyeurs.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
enterotracker.de [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
gamenextde.oberon-media.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
googleads.g.doubleclick.net [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
ia.media-imdb.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
imagesrv.adition.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
imgs.adverticum.net [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
m.doubleclick.net [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
macromedia.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
media.jambocast.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
pornme.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
pornoprinzen.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
spe.atdmt.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
spilspielen.oberon-media.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
tracksimple.s3.amazonaws.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
www.3animalsextube.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
www.pornhub.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
www.pornoprinzen.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]
www.vianadserver.com [ C:\Users\Karin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2GDYSLV5 ]

Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

Probleme gibts eigentlich keine!

Kaspersky zeigt halt immer noch diese Meldung an!
Die werd ich wahrscheinlich nicht mehr los, oder?

Soll ich diese Cookies löschen? Aber die haben wahrscheinlich keine Auswirkungen auf die Meldung von Kaspersky!

LG
Karin

Zitat:

Kaspersky zeigt halt immer noch diese Meldung an!

Bei der autorun.inf? Lösch die einfach.
Besser noch: zustäzlich die automatische Wiedergabe für alle Laufwerkstypen deaktivieren.

Zitat:

Zitat von cosinus

Bei der autorun.inf? Lösch die einfach.
Besser noch: zustäzlich die automatische Wiedergabe für alle Laufwerkstypen deaktivieren.

Ja und wie kann ich das machen?? Sorry, aber ich kenn mich einfach nicht aus.

LG
Karin