Trash bin: Can someone please urgently check the log file

11.07.2008, 23:32 | #1
Can someone please urgently check the log file

It really is very urgent!! I had the Hijack log file checked here a week ago and was told to post the log file from AVZ. Here it is. I can open programs normally again by now, but I still get countless popups and disruptions; for example, when I try to log in to my mail account the page does not load, and when I type something into Google or Yahoo nothing comes up either. Thanks in advance!!

C:\WINDOWS\distro_SelectRebatesSetup_um1002.exe;2;Suspicion for AdvWare.Win32.Sahat.bp ( 09A113F9 0AB58265 00213B61 001F80B9 177480)
C:\Dokumente und Einstellungen\***\Found\FOUND.000\FILE0011.CHK;2;Suspicion for Trojan-PSW.Win32.LdPinch.caw ( 0BB6888A 0C9FEBFE 00291905 0027FA96 32768)
C:\Programme\Zylom Games\Cake Mania Deluxe\cakemania.bak;3;PE file with non-standard extension(dangerousness level is 5%)
C:\Programme\PlayFirst\WordJong\WordJong.exe.bak;3;PE file with non-standard extension(dangerousness level is 5%)
C:\FOUND.013\FILE0069.CHK;2;Suspicion for Trojan-Downloader.Win32.Agent.afu ( 0AB58B5E 0B2165D3 001C36F2 001C9BE7 32768)
C:\Programme\WildTangent\Apps\CDA\CDALogger0402.dll;3; HSC: suspicion for Spy.WindTangent
C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll;3; HSC: suspicion for Spy.WindTangent
D:\autorun.inf;3; HSC: suspicion for hidden autorun (high degree of probability)
D:\Setup.exe;3; HSC: suspicion for hidden autorun D:\autorun.inf [Autorun\Open]

AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 11.07.2008 22:35:14
Database loaded: signatures - 175195, NN profile(s) - 2, microprograms of healing - 56, signature database released 09.07.2008 21:59
Heuristic microprograms loaded: 370
SPV microprograms loaded: 9
Digital signatures of system files loaded: 70476
Heuristic analyzer mode: Maximum heuristics level
Healing mode: enabled
Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights
System Restore: Disabled
System booted in Safe Mode
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Function kernel32.dll:FindNextFileW (219) intercepted, method CodeHijack (method not defined), masking hook using 1 NOP operators
Function kernel32.dll:LoadLibraryExW (580) intercepted, method CodeHijack (method not defined)
Function kernel32.dll:MoveFileWithProgressW (611) intercepted, method APICodeHijack.JmpTo[2A2B0759]
Function kernel32.dll:OpenFile (622) intercepted, method APICodeHijack.JmpTo[2A2AEABB]
Analysis: ntdll.dll, export table found in section .text
Function ntdll.dll:LdrLoadDll (70) intercepted, method APICodeHijack.JmpTo[2A2A94EE]
Function ntdll.dll:LdrUnloadDll (80) intercepted, method APICodeHijack.JmpTo[2A2A88C1]
Function ntdll.dll:NtQueryDirectoryFile (234) intercepted, method APICodeHijack.JmpTo[2A2B1451]
Function ntdll.dll:NtQueryInformationFile (240) intercepted, method APICodeHijack.JmpTo[2A2ACE63]
Function ntdll.dll:NtQuerySystemInformation (263) intercepted, method APICodeHijack.JmpTo[2A2AE565]
Function ntdll.dll:NtReadVirtualMemory (276) intercepted, method APICodeHijack.JmpTo[2A2AE1F6]
Function ntdll.dll:NtVdmControl (359) intercepted, method APICodeHijack.JmpTo[2A2AC0CF]
Function ntdll.dll:NtWriteVirtualMemory (369) intercepted, method APICodeHijack.JmpTo[2A2ACB64]
Function ntdll.dll:RtlGetNativeSystemInformation (609) intercepted, method APICodeHijack.JmpTo[2A2AE565]
Function ntdll.dll:ZwQueryDirectoryFile (1043) intercepted, method APICodeHijack.JmpTo[2A2B1451]
Function ntdll.dll:ZwQueryInformationFile (1049) intercepted, method APICodeHijack.JmpTo[2A2ACE63]
Function ntdll.dll:ZwQuerySystemInformation (1072) intercepted, method APICodeHijack.JmpTo[2A2AE565]
Function ntdll.dll:ZwReadVirtualMemory (1085) intercepted, method APICodeHijack.JmpTo[2A2AE1F6]
Function ntdll.dll:ZwVdmControl (1168) intercepted, method APICodeHijack.JmpTo[2A2AC0CF]
Function ntdll.dll:ZwWriteVirtualMemory (1178) intercepted, method APICodeHijack.JmpTo[2A2ACB64]
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Function advapi32.dll:CreateProcessWithLogonW (100) intercepted, method APICodeHijack.JmpTo[2A2AA19B]
Function advapi32.dll:RegSetValueExA (507) intercepted, method CodeHijack (method not defined), masking hook using 1 NOP operators
Function advapi32.dll:RegSetValueExW (508) intercepted, method CodeHijack (method not defined)
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
Driver communication failure [00000002] - [1]
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
Driver communication failure [00000002] - [1]
2. Scanning memory
Number of processes found: 10
Number of modules loaded: 149
Scanning memory - complete
3. Scanning disks
Direct reading C:\WINDOWS\system32\config\default.LOG
Direct reading C:\WINDOWS\system32\config\SECURITY.LOG
Direct reading C:\WINDOWS\system32\config\SysEvent.Evt
Direct reading C:\WINDOWS\system32\config\SecEvent.Evt
Direct reading C:\WINDOWS\system32\config\AppEvent.Evt
Direct reading C:\WINDOWS\system32\config\DEFAULT
Direct reading C:\WINDOWS\system32\config\SECURITY
Direct reading C:\WINDOWS\system32\config\SYSTEM
Direct reading C:\WINDOWS\system32\config\SAM
Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
Direct reading C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
Direct reading C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
Direct reading C:\WINDOWS\system32\CatRoot2\tmp.edb
Direct reading C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
Direct reading C:\WINDOWS\system32\CatRoot2\edb.log
File quarantined succesfully (C:\WINDOWS\system32\Objsafe.tlb)
C:\WINDOWS\system32\Objsafe.tlb >>>>> Dialer.EMSAT deleted successfully
C:\WINDOWS\distro_SelectRebatesSetup_um1002.exe >>> suspicion for AdvWare.Win32.Sahat.bp ( 09A113F9 0AB58265 00213B61 001F80B9 177480)
File quarantined succesfully (C:\WINDOWS\distro_SelectRebatesSetup_um1002.exe)
Direct reading C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Direct reading C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Direct reading C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG
Direct reading C:\Dokumente und Einstellungen\NetworkService\ntuser.dat
C:\Dokumente und Einstellungen\***\Found\FOUND.000\FILE0011.CHK >>> suspicion for Trojan-PSW.Win32.LdPinch.caw ( 0BB6888A 0C9FEBFE 00291905 0027FA96 32768)
File quarantined succesfully (C:\Dokumente und Einstellungen\***\Found\FOUND.000\FILE0011.CHK)
Direct reading C:\Dokumente und Einstellungen\***.ACER-6655572C9F\ntuser.dat.LOG
Direct reading C:\Dokumente und Einstellungen\***.ACER-6655572C9F\Cookies\index.dat
Direct reading C:\Dokumente und Einstellungen\***.ACER-6655572C9F\Lokale Einstellungen\Verlauf\History.IE5\index.dat
Direct reading C:\Dokumente und Einstellungen\***.ACER-6655572C9F\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
Direct reading C:\Dokumente und Einstellungen\***.ACER-6655572C9F\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Direct reading C:\Dokumente und Einstellungen\***.ACER-6655572C9F\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Direct reading C:\Dokumente und Einstellungen\***.ACER-6655572C9F\ntuser.dat
C:\Programme\Zylom Games\Cake Mania Deluxe\cakemania.bak - PE file with non-standard extension(dangerousness level is 5%)
File quarantined succesfully (C:\Programme\Zylom Games\Cake Mania Deluxe\cakemania.bak)
C:\Programme\PlayFirst\WordJong\WordJong.exe.bak - PE file with non-standard extension(dangerousness level is 5%)
File quarantined succesfully (C:\Programme\PlayFirst\WordJong\WordJong.exe.bak)
C:\FOUND.013\FILE0069.CHK >>> suspicion for Trojan-Downloader.Win32.Agent.afu ( 0AB58B5E 0B2165D3 001C36F2 001C9BE7 32768)
File quarantined succesfully (C:\FOUND.013\FILE0069.CHK)
Removing traces of deleted files...
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
>>> C:\Programme\WildTangent\Apps\CDA\CDALogger0402.dll HSC: suspicion for Spy.WindTangent
File quarantined succesfully (C:\Programme\WildTangent\Apps\CDA\CDALogger0402.dll)
>>> C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll HSC: suspicion for Spy.WindTangent
File quarantined succesfully (C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll)
>>> D:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
File quarantined succesfully (D:\autorun.inf)
>>> D:\Setup.exe HSC: suspicion for hidden autorun D:\autorun.inf [Autorun\Open]
File quarantined succesfully (D:\Setup.exe)
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Terminaldienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suchdienst)
>> Services: potentially dangerous service allowed: Alerter (Warndienst)
>> Services: potentially dangerous service allowed: Schedule (Taskplaner)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting-Remotedesktop-Freigabe)
>> Services: potentially dangerous service allowed: RDSessMgr (Sitzungs-Manager für Remotedesktophilfe)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: anonymous user access is enabled
Checking - complete
9. Troubleshooting wizard
Checking - complete
Files scanned: 402333, extracted from archives: 223967, malicious software found 1, suspicions - 3
Scanning finished at 11.07.2008 23:33:28
Time of scanning: 00:58:15
If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference