MSN Trojaner habe Log-File bitte anschaun!!

[gipsy111]

öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0

O4 - HKLM\..\Run: [ ] C:\WINDOWS\system32\dllvirtual.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZN

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

__________________________________________________________________________________

Deinstalliere:

C:\Programme\MyWebSearch
C:\Programme\PokerStars.NET
__________________________________________________________________________________

Avenger

kopiere rein:

Files to delete:
C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Programme\MyWebSearch\bar\1.bin\m3SrchMn.exe
C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Programme\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Programme\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\WINDOWS\system32\dllvirtual.exe
C:\WINDOWS\system32\dllvirtual.dll
C:\WINDOWS\system32\dllvirtual.js

registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System\dllvirtual.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System\dllvirtual.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System\dllvirtual.js

Folders to delete:
C:\Programme\MyWebSearch
C:\Dokumente und Einstellungen\Kinder\Anwendungsdaten\You've Got Pictures Screensaver

Klicke die grüne Ampel
- das Script wird nun ausgeführt, dann wird der PC nach Bestätigung (yes) neustarten

**

poste den Report, der erscheint
__________________________________________________________________________________

Counterspy

nach dem Scan muss man sich entscheiden für:
*Ignore
*Remove
*Quarantaine
wähle immer Remove und starte den PC neu (und poste den Scanreport)
__________________________________________________________________________________

Mache bitte einen PandaOnlineScan und poste den Report.

[skrapid]

Hallo! Ich hab ein Problem, wie soll ich das in den Avenger kopieren ??
da steht: Sciript File to execut
1) Load script File from
2)Load script from Internet URL
3)Input scirpt manually


Was soll ich drücken?

[gipsy111]

Auf

Input scirpt manually

Ist aber alles auf der Seite beschrieben!!
http://virus-protect.org/artikel/tools/avenger.html

[skrapid]

Wie ich auf die grüne Ampel klickte und bestätigte kamen urr viele solche Error Kasterln wo man immer auf OK drücken musste
Ist das Normal so?




Hier die Log-File


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: Run\System\dllvirtual.exe


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: Run\System\dllvirtual.dll


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: Run\System\dllvirtual.js


Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jxbbsrwd

*******************

Script file located at: \??\C:\WINDOWS\system32\cbyasdep.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL for deletion
Deletion of file C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL failed!

Could not process line:
C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
Status: 0xc000003a



Could not open file C:\Programme\MyWebSearch\bar\1.bin\m3SrchMn.exe for deletion
Deletion of file C:\Programme\MyWebSearch\bar\1.bin\m3SrchMn.exe failed!

Could not process line:
C:\Programme\MyWebSearch\bar\1.bin\m3SrchMn.exe
Status: 0xc000003a



Could not open file C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL for deletion
Deletion of file C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL failed!

Could not process line:
C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL
Status: 0xc000003a



Could not open file C:\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL for deletion
Deletion of file C:\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL failed!

Could not process line:
C:\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
Status: 0xc000003a



Could not open file C:\Programme\MyWebSearch\bar\1.bin\F3SCHMON.EXE for deletion
Deletion of file C:\Programme\MyWebSearch\bar\1.bin\F3SCHMON.EXE failed!

Could not process line:
C:\Programme\MyWebSearch\bar\1.bin\F3SCHMON.EXE
Status: 0xc000003a



Could not open file C:\Programme\MyWebSearch\bar\1.bin\F3SCRCTR.DLL for deletion
Deletion of file C:\Programme\MyWebSearch\bar\1.bin\F3SCRCTR.DLL failed!

Could not process line:
C:\Programme\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
Status: 0xc000003a



Could not open file C:\Programme\MyWebSearch\bar\1.bin\MWSOEPLG.DLL for deletion
Deletion of file C:\Programme\MyWebSearch\bar\1.bin\MWSOEPLG.DLL failed!

Could not process line:
C:\Programme\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
Status: 0xc000003a



Could not open file C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL for deletion
Deletion of file C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL failed!

Could not process line:
C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
Status: 0xc000003a



File C:\WINDOWS\system32\dllvirtual.exe not found!
Deletion of file C:\WINDOWS\system32\dllvirtual.exe failed!

Could not process line:
C:\WINDOWS\system32\dllvirtual.exe
Status: 0xc0000034



File C:\WINDOWS\system32\dllvirtual.dll not found!
Deletion of file C:\WINDOWS\system32\dllvirtual.dll failed!

Could not process line:
C:\WINDOWS\system32\dllvirtual.dll
Status: 0xc0000034



File C:\WINDOWS\system32\dllvirtual.js not found!
Deletion of file C:\WINDOWS\system32\dllvirtual.js failed!

Could not process line:
C:\WINDOWS\system32\dllvirtual.js
Status: 0xc0000034



Folder C:\Programme\MyWebSearch not found!
Deletion of folder C:\Programme\MyWebSearch failed!

Could not process line:
C:\Programme\MyWebSearch
Status: 0xc0000034



Folder C:\Dokumente und Einstellungen\Kinder\Anwendungsdaten\You've Got Pictures Screensaver not found!
Deletion of folder C:\Dokumente und Einstellungen\Kinder\Anwendungsdaten\You've Got Pictures Screensaver failed!

Could not process line:
C:\Dokumente und Einstellungen\Kinder\Anwendungsdaten\You've Got Pictures Screensaver
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion deleted successfully.


Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.