Hi!
First of all, thanks: the .bat trick worked, and Microsoft Antispyware is now blocking wcmb.exe for the time being.
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:27:28, on 15.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\brsvc01a.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\brss01a.exe
G:\WINDOWS\system32\sstray.exe
G:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
G:\Programme\QuickTime\qttask.exe
G:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
G:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
G:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
G:\Programme\ScanSoft\PaperPort\pptd40nt.exe
G:\Programme\Brother\ControlCenter2\brctrcen.exe
G:\Programme\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
G:\WINDOWS\system32\rundll32.exe
G:\Programme\CyberLink\PowerDVD\PDVDServ.exe
G:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
G:\Programme\Microsoft AntiSpyware\gcasServ.exe
G:\Programme\AVPersonal\AVGUARD.EXE
G:\Programme\AVPersonal\AVWUPSRV.EXE
G:\WINDOWS\system32\Brmfrmps.exe
G:\Programme\Real\RealPlayer\RealPlay.exe
G:\Programme\AVPersonal\AVGNT.EXE
G:\WINDOWS\system32\ctfmon.exe
G:\Programme\Babylon\Babylon.exe
G:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
G:\Programme\MSN Messenger\MsnMsgr.Exe
G:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
G:\WINDOWS\system32\CTsvcCDA.exe
G:\Programme\eMule.de\emule.exe
G:\Programme\Hand-Crafted Software\FreeProxy\FreeProxy.exe
G:\Programme\Jana2\janad.exe
G:\Programme\Belkin\Bluetooth Software\BTTray.exe
G:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
G:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\PGPserv.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\Programme\RealVNC\WinVNC\WinVNC.exe
G:\WINDOWS\System32\MsPMSPSv.exe
G:\Dokumente und Einstellungen\Denis84.DENIS\Startmenü\Programme\Autostart\taskmgr.exe
G:\Programme\AVPersonal\GUARDGUI.EXE
G:\WINDOWS\system32\wuauclt.exe
G:\DOKUME~1\DENIS8~1.DEN\LOKALE~1\Temp\HijackThis.exe
G:\Programme\Microsoft AntiSpyware\gcasServAlert.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.de/0SEDEDE/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.de/0SEDEDE/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = de.my.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 auditmypc.com
O1 - Hosts: 127.0.0.60 bulletproofsoft.net
O1 - Hosts: 127.0.0.61 cexx.org
O1 - Hosts: 127.0.0.62 computercops.us
O1 - Hosts: 127.0.0.63 ct7support.com
O1 - Hosts: 127.0.0.64 doxdesk.com
O1 - Hosts: 127.0.0.65 eblocs.com
O1 - Hosts: 127.0.0.66 enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 free-spyware-scan.com
O1 - Hosts: 127.0.0.68 free-web-browsers.com
O1 - Hosts: 127.0.0.69 grc.com
O1 - Hosts: 127.0.0.70 grisoft.com
O1 - Hosts: 127.0.0.71 hackfaq.org
O1 - Hosts: 127.0.0.72 hazeleger.net
O1 - Hosts: 127.0.0.73 javacoolsoftware.com
O1 - Hosts: 127.0.0.74 kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 kephyr.com
O1 - Hosts: 127.0.0.78 lurkhere.com
O1 - Hosts: 127.0.0.79 majorgeeks.com
O1 - Hosts: 127.0.0.80 merijn.org
O1 - Hosts: 127.0.0.81 mjc1.com
O1 - Hosts: 127.0.0.82 moosoft.com
O1 - Hosts: 127.0.0.83 mvps.org
O1 - Hosts: 127.0.0.84 net-integration.net
O1 - Hosts: 127.0.0.85 noadware.net
O1 - Hosts: 127.0.0.86 no-spybot.com
O1 - Hosts: 127.0.0.87 onlinepcfix.com
O1 - Hosts: 127.0.0.88 pchell.com
O1 - Hosts: 127.0.0.89 pestpatrol.com
O1 - Hosts: 127.0.0.94 spychecker.com
O1 - Hosts: 127.0.0.95 spychecker.com
O1 - Hosts: 127.0.0.96 spycop.com
O1 - Hosts: 127.0.0.97 spyguard.com
O1 - Hosts: 127.0.0.98 spykiller.com
O1 - Hosts: 127.0.0.99 spyware.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - G:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - G:\Programme\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - G:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] G:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] G:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] G:\Programme\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] G:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe /L ElbyCDFL
O4 - HKLM\..\Run: [msnappau] G:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] G:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] G:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] G:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] G:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] G:\Programme\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] G:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [CTSysVol] G:\Programme\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinVNC] G:\Programme\RealVNC\WinVNC\WinVNC.exe -servicehelper
O4 - HKLM\..\Run: [RemoteControl] G:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Zone Labs Client] G:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gcasServ] G:\Programme\Microsoft AntiSpyware\gcasServ.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RealTray] G:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVGCtrl] G:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [Driver32] Overwritten when removing W32/Sircam-A, please delete.
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [System Update] G:\WINDOWS\System\wupdmgr.exe
O4 - HKCU\..\Run: [Babylon Translator] G:\Programme\Babylon\Babylon.exe
O4 - HKCU\..\Run: [MsnMsgr] G:\Programme\MSN Messenger\MsnMsgr.Exe /background
O4 - HKCU\..\Run: [H/PC Connection Agent] G:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
O4 - HKCU\..\Run: [Woods Inc] G:\WINDOWS\system32\wcmd.exe
O4 - HKCU\..\Run: [eMuleAutoStart] G:\Programme\eMule.de\emule.exe -AutoStart
O4 - Startup: taskmgr.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = G:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = G:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Alles mit Net Transport herunterladen - G:\Programme\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download All Files by HiDownload - G:\Programme\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - G:\Programme\HiDownload\HDGet.htm
O8 - Extra context menu item: Mit Net Transport herunterladen - G:\Programme\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - G:\Programme\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - G:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra->Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: concept/design's onlineTV - {8AAA145C-BEC1-4D5A-9B6B-4C5A6A0920E4} - G:\Programme\onlineTV\onlineTV.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\Programme\AIM95\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra->Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra->Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Programme\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra->Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - G:\Programme\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider->xfire_lsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.de
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - by4fd.bay4.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97D7EDC8-44D0-4BCD-95EC-34CC542EEF6F}: NameServer = 192.168.2.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - G:\WINDOWS\system32\Brmfrmps.exe -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - G:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - G:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Free Proxy Service (FreeProxy) - Hand-Crafted Software - G:\Programme\Hand-Crafted Software\FreeProxy\FreeProxy.exe
O23 - Service: Jana Server 2 (Janad) - Thomas Hauck, Privat - G:\Programme\Jana2\janad.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - G:\WINDOWS\system32\PGPserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Unknown owner - G:\Programme\Norton Personal Firewall\SymProxySvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - G:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - G:\Programme\RealVNC\WinVNC\WinVNC.exe -service (file missing)