Wie löschen?

Evan · 22.10.2004, 12:16

Hallo zusammen

Ich habe Probleme mit meinem PC.
Habe mit eScan AntiVirus Toolkit Utility Ver (4.5.7) eine Überprüfung gemacht.
Folgende Viren wurden gefunden.

File C:\WINDOWS\mxTarget(3).dll infected by "not-a-virus:AdvWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mxTarget.dll infected by "not-a-virus:AdvWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ezStubi.dll infected by "not-a-virus:AdvWare.EZula.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ezStubi1.dll infected by "not-a-virus:AdvWare.EZula.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ezStubtt.exe infected by "not-a-virus:AdvWare.EZula.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ezStubx.exe infected by "not-a-virus:AdvWare.EZula.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mpz300.dll infected by "TrojanDownloader.Win32.BHO" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\MSView.exe infected by "not-a-virus:AdvWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\NLNP!3.exe infected by "not-a-virus:AdvWare.IGetNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\NLNP13.dll infected by "not-a-virus:AdvWare.IGetNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\nostalgia.dll infected by "not-a-virus:AdvWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\okshook.dll tagged as not-a-virus:RiskWare.Proxy.MarketScode.c. No Action Taken.
File C:\WINDOWS\system32\osconfig.dll tagged as not-a-virus:RiskWare.Proxy.MarketScode.c. No Action Taken.
File C:\WINDOWS\system32\osmim.dll tagged as not-a-virus:RiskWare.Proxy.MarketScode.c. No Action Taken.

Hier noch die log von hiJack

Logfile of HijackThis v1.98.2
Scan saved at 14:54:17, on 22.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOKUME~1\Mathias\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ricardo.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\mätz\programme\adobe\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: C:\WINDOWS\lbbho.dll - {8C8E46CA-D414-4C47-86B0-B24A9F07D001} - C:\WINDOWS\lbbho.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] c:\mätz\programme\musicmatch\mm_tray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /M "Stylus Photo RX600" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Savings - file://C:\Programme\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: onlineTV Global - {37DCECF1-B87F-44DA-9B4F-E5C0FB9FE7F2} - C:\Mätz\Programme\onlineTV\onlineTV.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/163058908db5bb6...dxIE601_de.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab

Was sind Viren? Was kann ich dagegen tun??
Bitte um Hilfe.
Danke

MfG Evan

22.10.2004, 21:25

Die Dateien, die eScan gefunden hast, löschst du im abgesicherten Modus.

Schicke dann die Datei C:\WINDOWS\lbbho.dll an partytime-germany.ice@web.de und lösche sie anschließend im abgesicherten Modus.

Fixe mit HijackThis dies:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
O2 - BHO: C:\WINDOWS\lbbho.dll - {8C8E46CA-D414-4C47-86B0-B24A9F07D001} - C:\WINDOWS\lbbho.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/163058908db5bb...RdxIE601_de.cab

Wie löschen?

Plagegeister aller Art und deren Bekämpfung: Wie löschen?

Grosse Probleme!! Viren?

Wie löschen?

Ähnliche Themen: Wie löschen?