@ sabina auch bei spyclean gibts ein problem!

hast du noch ein anderes programm?

Oooch, an Proggies fehlt es mir nicht
wo ist denn das Problem ? Bekommst du das Tool nicht zum Laufen ?

«
scanne mit avz
poste den report
AVZ Antiviral Toolkit

AVZ Antiviral Toolkit log; AVZ version is 4.29
Scanning started at 17.03.2008 19:22:38
Database loaded: signatures - 138934, NN profile(s) - 2, microprograms of healing - 55, signature database released 12.12.2007 10:43
Heuristic microprograms loaded: 371
SPV microprograms loaded: 9
Digital signatures of system files loaded: 66967
Heuristic analyzer mode: Medium heuristics level
Healing mode: disabled
Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights
System Recovery: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=0846E0)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 8055B6E0
KiST = 80503940 (284)
Function NtConnectPort (1F) intercepted (805A30A4->866DE008), hook not defined
Function NtOpenProcess (7A) intercepted (805C9CFE->86422D30), hook not defined
Function NtOpenThread (80) intercepted (805C9F8A->86422BA0), hook not defined
Functions checked: 284, intercepted: 3, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Analysis for CPU 2
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: the extended monitoring driver (AVZPM) is not installed
2. Scanning memory
Number of processes found: 56
Number of modules loaded: 434
Memory checking - complete
3. Scanning disks
C:\Casino\bet-at-home.com Poker\db.dll >>> suspicion for Trojan-Downloader.Win32.Agent.axg ( 08E81C97 04E7D648 00197A13 00000000 8704)
Direct reading C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0DQ34TIJ\bc[2].htm
Direct reading C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcrst.dll
C:\SDFix\backups\backups.zip/{ZIP}/backups/netmon.exe >>>>> Monitor.Win32.NetMon.a
C:\System Volume Information\_restore{B5EAD60C-955B-4F8C-B0A4-54449757D887}\RP173\A0079600.dll >>>>> AdvWare.Win32.WhenU.r
C:\System Volume Information\_restore{B5EAD60C-955B-4F8C-B0A4-54449757D887}\RP174\A0079706.exe >>>>> Monitor.Win32.NetMon.a
C:\System Volume Information\_restore{B5EAD60C-955B-4F8C-B0A4-54449757D887}\RP174\A0079720.exe >>>>> Trojan.Win32.BHO.ab
C:\System Volume Information\_restore{B5EAD60C-955B-4F8C-B0A4-54449757D887}\RP174\A0079733.exe >>>>> Monitor.Win32.NetMon.a
C:\System Volume Information\_restore{B5EAD60C-955B-4F8C-B0A4-54449757D887}\RP174\A0079741.exe >>>>> Trojan.Win32.BHO.ab
C:\System Volume Information\_restore{B5EAD60C-955B-4F8C-B0A4-54449757D887}\RP175\A0085110.dll >>>>> AdvWare.Win32.CommAd.a
C:\System Volume Information\_restore{B5EAD60C-955B-4F8C-B0A4-54449757D887}\RP175\A0085111.exe >>>>> AdvWare.Win32.CommAd.a
C:\System Volume Information\_restore{B5EAD60C-955B-4F8C-B0A4-54449757D887}\RP175\A0085119.exe >>> suspicion for Trojan-Downloader.Win32.Small.buy ( 0ADE0AC3 084D72D1 0021CEF1 00234A48 25105)
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Checking complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed TermService (Terminaldienste)
>> Services: potentially dangerous service allowed SSDPSRV (SSDP-Suchdienst)
>> Services: potentially dangerous service allowed Schedule (Taskplaner)
>> Services: potentially dangerous service allowed mnmsrvc (NetMeeting-Remotedesktop-Freigabe)
>> Services: potentially dangerous service allowed RDSessMgr (Sitzungs-Manager für Remotedesktophilfe)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking complete
9. Troubleshooting wizard
Checking complete
Files scanned: 96093, extracted from archives: 77488, malicious programs found 8, suspicions - 2
Scanning finished at 17.03.2008 19:58:28
Time of scanning: 00:35:53
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference

Hallo

1.
lösche:
C:\SDFix\backups\backups.zip
C:\Casino
C:\WINDOWS\system32\usb496.dat
+
leere den Papierkorb

2.
otmoveIt
klicken: CleanUp! button

3.
Arbeitsplatz --> Rechtsklick, dann auf Eigenschaften --> Reiter Systemwiederherstellung --> Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.
(dann wieder aktivieren)
Systemwiederherstellung für Windows XP - Vista

4.
F-secure/Onlinescan
Online Virenscanner
scanne + poste den report

bis auf punkt 4 alles getan.
da ich nur mehr begrenztes download volumen habe muss es ein online scanner sein?

im Grunde müsste wieder alles i.o. sein - der Onlinescan war nur zum überprüfen.

«
fixe mmit dem HijackTHis, falls es dich im Systemstart stört.

Zitat:

O4 - HKLM\..\Run: [AVP] "C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_14.03.2008_11-23.exe"

2.
dann scanne noch mal mit deinem Symantec und berichte, ob er noch was meldet.