Zonealarm, Antivir, Spybot... everything was deleted!

#0
04.11.2007, 22:08
...new here

Posts: 1
#1 Hello,

please help me.
I seem to have caught a virus.
The startup files of Antivir, Spybot and Zonealarm were deleted and I cannot reinstall the programs. AVG free also reports an error during installation.
I followed the general instructions. HijackThis outputs the following log.
Please help me. I have to hand in an important report for university tomorrow.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:51, on 04.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
D:\Programme\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\RK Launcher\RKLauncher.exe
C:\Programme\UberIcon\UberIcon Manager.exe
C:\Programme\WinRoll\winroll.exe
C:\Programme\YzShadow\YzShadow.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\WinRAR\WinRAR.exe
D:\Programme\HJT.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programme\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Programme\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Programme\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Programme\WellGet\WellGet.exe
O9 - Extra button: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - D:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL41 - Unknown owner - D:\Programme\MySQL\MySQL.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8148 bytes


Here is the output of datfind:

04.11.2007 22:31 270.400 vsconfig.xml
04.11.2007 22:31 63.804 nvapps.xml
04.11.2007 21:58 29.808 BMXBkpCtrlState-{00000001-00000000-0000000A-00001102-00000002-80611102}.rfx
04.11.2007 21:58 29.808 BMXCtrlState-{00000001-00000000-0000000A-00001102-00000002-80611102}.rfx
04.11.2007 21:58 17.500 BMXStateBkp-{00000001-00000000-0000000A-00001102-00000002-80611102}.rfx
04.11.2007 21:58 17.500 BMXState-{00000001-00000000-0000000A-00001102-00000002-80611102}.rfx
04.11.2007 21:58 1.080 settings.sfm
04.11.2007 21:58 1.080 settingsbkup.sfm
04.11.2007 21:58 24 DVCStateBkp-{00000001-00000000-0000000A-00001102-00000002-80611102}.dat
04.11.2007 21:58 24 DVCState-{00000001-00000000-0000000A-00001102-00000002-80611102}.dat
04.11.2007 17:19 1.419.232 wdfcoinstaller01005.dll
04.11.2007 11:34 2.278 wpa.dbl

Strangely, the file vsconfig.xml contains the following:

<?xml version="1.0"?>
<securitypolicy version="1">
<lockupinfo server="209.87.208.60" port="0" enable="false"/>
<startuphookafd wsockvermajor="0x00050001" wsockverminor="0x0a280884" enable="false"/>
<protection zlcommdb="true" avregistry="true"/>
<osfirewall>

<rulegroup name="protourfiles">
<ruleentry event="file" match="any" allow="false" notify="true" customtext="2002">
<itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\Internet Logs\BACKUP.RDB" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\Internet Logs\IAMDB.RDB" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\Internet Logs\ZALog.txt" />

<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\avsys" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\avsys\bases" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\avsys\ScanningProcess.exe" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\avsys\kave.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\avsys\FSSync.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\avsys\prloader.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\avsys\inv.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\avsys\prremote.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\avsys\msvcp80.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\avsys\msvcr80.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\avsys\Microsoft.VC80.CRT.manifest" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\av.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\klif.sys" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\kl1.sys" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\klin.dat" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\klick.dat" />

<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\boot.dat" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\cafix.exe" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\camupd.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\cerbprovider.pvx" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\dbghelp.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\imsecure.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\lib" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\osfwrules.xml" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\plugins" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\qrbase.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\qrsrecl.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\oemconfig.xml" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\safePrograms.xml" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\scheduler.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\spyware.dat" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\srescan.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\ssleay32.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\streamapi" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\vsavpro.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\vsdb.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\vsinit.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\vsmon.exe" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\vsruledb.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\vsvault.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\ZLCommDB.xml" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlparser.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlquarantine.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlsre.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlasdbup.dat" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlsrepluginsupd.zip" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlsreupd.zip" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlqrtdb.dat" />

<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vswmi.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\fbl.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\featuremap.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\streamapi.config.xml" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\vsmon.config.xml" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\updating.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\updclient.exe" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\vsmondll.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlupdate.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\ZoneAlarm.xml" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\lib\zlsvc.zip.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\lib\zpy.zip.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\lib\pyd\_socket.pyd" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\lib\pyd\pyexpat.pyd" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\lib\pyd\pyvsinit.pyd" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\lib\pyd\signedDll.pyd" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\plugins\rpc_server\manifest.xml" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\plugins\rpc_server\rpc_server.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\plugins\vsmon_plugin\manifest.xml" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\plugins\vsmon_plugin\vsmon_plugin.dll" />

<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\streamapi\httpblocker\httpblocker.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\streamapi\httpblocker\manifest.xml" />

<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\streamapi\imslsp\imslsp.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\streamapi\imslsp\manifest.xml" />

<itementry param="filename" operator="equalnocase" type="ansi" value="VSDATANTDIR\vsconfig.xml" />
<itementry param="filename" operator="equalnocase" type="ansi" value="VSDATANTDIR\vsdatant.sys" />

<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsdata.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsinit.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsmonapi.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vspubapi.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsregexp.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsutil.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsxml.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\zlcomm.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\zlcommdb.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\zpeng24.dll" />

<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\alert.zap" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\email.zap" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Errorlog.txt" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\expert.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\filter.zap" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\firewall.zap" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\framewrk.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\idlock.zap" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\imf_editor.exe" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\imsecure.zap" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\install.log" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\License.txt" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\multiscan.exe" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\privacy.zap" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\programs.zap" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\readme.html" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\scan.zap" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\scan.zmx" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\security.zap" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\vsinit.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\zatutor.exe" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\zauninst.exe" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\zl_priv.htm" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\zlavscan.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\zonealarm.exe" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\zlclient.exe" />

<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Help" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Help\zaclients.chm" />

<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Images" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Images\background.gif" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Images\blocked_content.gif" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Images\Cerb_logo_small.gif" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Images\DOS_Title.gif" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Images\spacer.gif" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Images\style_IE5_pc.css" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Images\topbar.gif" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Images\topbend_purple.gif" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Images\ZAP_logo_small.gif" />

<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\repair" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\repair\vsdb.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\repair\vsinit.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\repair\vsmon.exe" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\repair\vsruledb.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\repair\vsutil.dll" />
<itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\srescan.sys" />
</ruleentry>
</rulegroup>
<rulegroup name="protourreg">
<ruleentry event="registry" match="any" allow="false" notify="true" customtext="2003">
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Zone Labs" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Zone Labs\Monitor" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Zone Labs\Monitor\DialogControl" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\MiniLog" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\TrueVector" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\TrueVector\LocalStoreDir" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\TrueVector\LogStoreDir" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Zone Labs\ZoneAlarm" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Zone Labs\ZoneAlarm\Plugin" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Zone Labs\ZoneAlarm\Plugin\obj" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ADE" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ADP" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ASX" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.BAS" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.BAT" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.CHM" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.CMD" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.COM" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.CPL" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.CRT" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.DBX" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.DLL" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.EML" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.EXE" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.HLP" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.HTA" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.INF" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.INS" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ISP" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.JS" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.JSE" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.LNK" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MDA" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MDB" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MDE" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MDZ" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MHT" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MSC" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MSI" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MSP" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MST" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.NCH" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.OCX" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.PCD" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.PIF" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.PRF" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.RAR" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.REG" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SCF" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SCR" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SCT" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SHB" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SHS" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SYS" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.URL" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.VB" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.VBE" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.VBS" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.WMS" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.WSC" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.WSF" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.WSH" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ZIP" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\Registration" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant\enum" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant\parameters" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant\security" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsmon" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsmon\enum" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsmon\security" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\srescan" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\CLASSES\ZAMailSafe" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\CLASSES\ZAMailSafe\DefaultIcon" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\CLASSES\ZAMailSafe\Shell" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\CLASSES\ZAMailSafe\Shell\open" />
<itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\CLASSES\ZAMailSafe\Shell\open\command" />
</ruleentry>
</rulegroup>
etc.

What does that mean???
This post was edited by Melpomene on 04.11.2007 at 22:59.
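A first triage pass over the HijackThis log in the post above, as an added example that is not part of the original post: it lists autostart (O4) entries whose program is not among the running processes and every entry HijackThis marked "(file missing)". The sample is a shortened excerpt of that log; matching by file name only and the function names are assumptions of this sketch.

```python
import re
from ntpath import basename  # Windows path rules, usable on any OS

# Excerpt copied from the HijackThis log in the post above (shortened).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SPAMfighter\SFAgent.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programme\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: MySQL41 - Unknown owner - D:\Programme\MySQL\MySQL.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

SECTION_RE = re.compile(r"^(?P<code>[A-Z]\d+) - ")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First path ending in .exe, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)\b', re.I)
# Anchor on a drive letter or URL so paths containing " - "
# (e.g. "Spybot - Search & Destroy") are not cut in the middle.
MISSING_RE = re.compile(
    r"(?P<target>(?:[A-Za-z]:\\|https?://).+) \(file missing\)$")


def parse_hijackthis(text):
    """Return (running basenames, [(name, exe)] autoruns, [(code, target)] missing)."""
    running, autoruns, missing = set(), [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # a blank line ends the process list
                in_procs = False
            else:
                running.add(basename(line).lower())
            continue
        section = SECTION_RE.match(line)
        if not section:
            continue
        o4 = O4_RE.match(line)
        if o4:
            exe = EXE_RE.match(o4.group("cmd"))
            if exe:               # entries without an .exe target are skipped
                autoruns.append((o4.group("name"), exe.group("path")))
        gone = MISSING_RE.search(line)
        if gone:
            missing.append((section.group("code"), gone.group("target")))
    return running, autoruns, missing


def triage(text):
    """Leads for a human reviewer, not a verdict.

    Helpers that exit right after start-up also show up as 'not running',
    and names are compared without their directory (8.3 short paths differ).
    """
    running, autoruns, missing = parse_hijackthis(text)
    not_running = [(name, exe) for name, exe in autoruns
                   if basename(exe).lower() not in running]
    return {"autorun_not_running": not_running, "file_missing": missing}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, exe in report["autorun_not_running"]:
        print(f"autorun not running: [{name}] {exe}")
    for code, target in report["file_missing"]:
        print(f"file missing ({code}): {target}")
```
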
04.11.2007, 23:02
Honorary member
Argus

Posts: 6028
#2 Have you already used an online scanner? http://support.f-secure.com/enu/home/ols.shtml
ComboFix
Download ComboFix and save it to the desktop!
Close all windows and start combofix.exe
Follow the instructions in the window
While ComboFix is running, do NOT click into the window, otherwise your computer will freeze
When the tool has finished, a log file opens (C:\combofix.txt)
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
If your virus scanner complains, ignore it!
__________
Best regards, Argus