adware punisher leider immer noch da

#1 Liebe Sabina,
bin Deine Anleitung durchgegangen, habe auf dem Desktop leider immer noch adw.htm.


Logfile of HijackThis v1.99.1
Scan saved at 18:22:07, on 09.02.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinZip\Wzqkpick.exe
C:\Programme\D-Link AirPlus\AirPlus.exe
C:\PROGRAMME\WINRAR\WinRAR.exe
C:\DOKUME~1\LT68F2~1.SER\LOKALE~1\Temp\Rar$EX00.801\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www."); (C:\Programme\Netscape\Users\e.daniel\prefs.js)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O4 - Global Startup: D-Link AirPlus.lnk = C:\Programme\D-Link AirPlus\AirPlus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{98949CD5-2C1E-41CF-ACE7-77CA3A16F93A}: NameServer = 192.168.2.1
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe




CleanUp! started on 02/09/06 18:24:32.
C:\Dokumente und Einstellungen\Lt. Seriennummer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Verlauf\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Verlauf\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
C:\Dokumente und Einstellungen\Lt. Seriennummer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Lt. Seriennummer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\LT68F2~1.SER\LOKALE~1\Temp\~DF3699.tmp - deleted
C:\DOKUME~1\LT68F2~1.SER\LOKALE~1\Temp\~DF6D0C.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\LT68F2~1.SER\LOKALE~1\Temp\Rar$EX02.169\KillBox.exe - deleted
C:\DOKUME~1\LT68F2~1.SER\LOKALE~1\Temp\Rar$EX02.169\ - deleted
C:\DOKUME~1\LT68F2~1.SER\LOKALE~1\Temp\~DF6D0C.tmp currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Lt. Seriennummer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Lt. Seriennummer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\LOGI_MWX.EXE-1B741F45.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\WINDOWS\Prefetch\SYSTRAY.EXE-345DCC1C.pf - deleted
C:\WINDOWS\Prefetch\HPZTSB07.EXE-02862AA0.pf - deleted
C:\WINDOWS\Prefetch\ITOUCH.EXE-37A5852C.pf - deleted
C:\WINDOWS\Prefetch\MM_TRAY.EXE-0DD75E2A.pf - deleted
C:\WINDOWS\Prefetch\CCAPP.EXE-2EA3695D.pf - deleted
C:\WINDOWS\Prefetch\EM_EXEC.EXE-1D53AFF5.pf - deleted
C:\WINDOWS\Prefetch\MMDIAG.EXE-34585558.pf - deleted
C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf - deleted
C:\WINDOWS\Prefetch\MSMSGS.EXE-32066BA5.pf - deleted
C:\WINDOWS\Prefetch\WZQKPICK.EXE-160BDDE7.pf – deleted
C:\WINDOWS\Prefetch\AIRPLUS.EXE-1F8169E0.pf - deleted
C:\WINDOWS\Prefetch\OSA.EXE-0082CBE3.pf - deleted
C:\WINDOWS\Prefetch\LDMCONF.EXE-2E5D217E.pf - deleted
C:\WINDOWS\Prefetch\LUCOMS~1.EXE-3B58BA4B.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf - deleted
C:\WINDOWS\Prefetch\WINRAR.EXE-3588DFE8.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-0520C8D5.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-259486DA.pf - deleted
C:\WINDOWS\Prefetch\NAVW32.EXE-20C61389.pf - deleted
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.0 recovered 823.6 KB of disk space from 26 files.
CleanUp! finished on 02/09/06 18:24:37.





Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2772-130B

Verzeichnis von C:\WINDOWS\SYSTEM32

09.02.2006 15:50 0 winapi32.dll
09.02.2006 14:25 2.206 wpa.dbl
04.02.2006 11:34 0 mswinb32.dll
04.02.2006 11:34 0 mswinb32.exe
04.02.2006 11:34 0 intxt.exe
04.02.2006 11:34 0 mswinxml.dll
03.02.2006 17:48 5.120 Thumbs.db
03.02.2006 11:27 0 mswinf32.dll
03.02.2006 11:27 0 mswinf32.exe
03.02.2006 11:21 100 LuResult.txt
03.02.2006 11:06 40.964 shell386.exe
05.01.2006 04:41 2.836.320 MRT.exe
29.12.2005 03:54 280.064 gdi32.dll
01.12.2005 04:31 1.492.480 shdocvw.dll
25.11.2005 10:11 276.560 FNTCACHE.DAT
24.11.2005 00:58 1.022.464 browseui.dll
24.11.2005 00:58 3.013.632 mshtml.dll
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2772-130B

Verzeichnis von C:\DOKUME~1\LT68F2~1.SER\LOKALE~1\Temp

09.02.2006 18:23 512 ~DF6D0C.tmp
1 Datei(en) 512 Bytes
0 Verzeichnis(se), 10.738.483.200 Bytes frei



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2772-130B

Verzeichnis von C:\WINDOWS

09.02.2006 18:15 26 iTouch.ini
09.02.2006 18:13 0 0.log
09.02.2006 18:11 1.435.993 WindowsUpdate.log
09.02.2006 18:11 32.644 SchedLog.Txt
09.02.2006 17:33 787 setupapi.log
09.02.2006 14:37 2 adw.htm
03.02.2006 17:49 55.808 Thumbs.db
12.01.2006 19:02 102.055 comsetup.log
12.01.2006 19:02 11.113 KB912919.log
12.01.2006 19:02 60.201 ntdtcsetup.log
12.01.2006 19:02 128.808 tsoc.log
12.01.2006 19:02 137.204 ocgen.log
12.01.2006 19:02 335.183 iis6.log
12.01.2006 19:02 1.374 imsins.log
12.01.2006 19:02 15.326 ocmsn.log
12.01.2006 19:02 48.276 netfxocm.log
12.01.2006 19:02 19.337 MedCtrOC.log
12.01.2006 19:02 14.314 tabletoc.log
12.01.2006 19:02 13.849 msgsocm.log
12.01.2006 19:02 283.373 FaxSetup.log
12.01.2006 19:02 90.022 msmqinst.log
12.01.2006 19:02 17.899 updspapi.log
12.01.2006 19:02 10.284 KB908519.log
12.01.2006 19:02 1.374 imsins.BAK
02.01.2006 11:59 149 WISO.INI
16.12.2005 16:03 9.449 KB910437.log
16.12.2005 16:02 16.587 KB905915.log


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2772-130B

Verzeichnis von C:\

09.02.2006 18:28 0 sys.txt
09.02.2006 18:27 18.271 system.txt
09.02.2006 18:27 299 systemtemp.txt
09.02.2006 18:26 106.012 system32.txt
09.02.2006 18:12 133.812.224 hiberfil.sys
09.02.2006 18:12 201.326.592 PAGEFILE.SYS
09.02.2006 16:20 529 hpfr3420.xml
09.02.2006 16:20 213.720 hpfr3420.log
03.02.2006 11:40 7.841 caavsetup.log
06.12.2005 17:48 18.734 __GSDDE.DOC
22.02.2005 13:01 174 mw.log
22.02.2005 13:00 171 itouch.log
22.02.2005 13:00 0 itouch_crash_info.txt
13.11.2004 15:05 77.172 backup_config.bin
13.11.2004 13:36 221 boot.ini
13.11.2004 12:56 216 AUTOEXEC.BAT
13.11.2004 12:56 512 BOOTSECT.DOS
13.11.2004 10:42 62.805 WINMAIL.DAT
13.11.2004 05:14 233 reg.reg
12.11.2004 18:58 994.831 FAULTLOG.TXT
12.11.2004 18:07 47.472 SCANDISK.LOG
07.11.2004 17:00 0 blacklist.log

Vielen Dank!
Gruß
Eike

#2 eike4

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> anhaken
und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes"
reinkopieren:

C:\WINDOWS\SYSTEM32\winapi32.dll
C:\WINDOWS\SYSTEM32\mswinb32.dll
C:\WINDOWS\SYSTEM32\mswinb32.exe
C:\WINDOWS\SYSTEM32\intxt.exe
C:\WINDOWS\SYSTEM32\mswinxml.dll
C:\WINDOWS\SYSTEM32\mswinf32.dll
C:\WINDOWS\SYSTEM32\mswinf32.exe
C:\WINDOWS\SYSTEM32\LuResult.txt
C:\WINDOWS\SYSTEM32\shell386.exe
C:\WINDOWS\adw.htm

nach dem Neustart suche: C:\!KillBox
und loesche alle dort befindlichen Dateien manuell
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Hi Sabina,

vielen Dank für Deine Hilfe! Hat alles wunderbar geklappt!

Grüße
Eike