"Critical System Errors!" the "X" with the question mark is annoying!
#0
08.11.2006, 23:42
...new here
Posts: 2

09.11.2006, 10:22
Honorary member
Posts: 29434
#2
Bielsman

Avenger
http://virus-protect.org/artikel/tools/avenger.html

Copy in:

Quote:
Registry values to delete:

Click the green traffic light; the script will now run, and then the PC will restart automatically.

»» Delete the Avenger backup at C:\Avenger\backup.zip and empty the Recycle Bin ««

Scan with smitfraudfix, options 1 and 2 (let it clean the registry as well)
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards
Sabina
All about PC security

09.11.2006, 12:36
...new here
Posts: 1
#3
Hello
I'm new here but have the same problem, namely this stupid ? that says "critical system errors", and by now I'm really at a loss as to how to get rid of it... :'( Can anyone here tell me whether this is a service, and if so what the service is called? It has to be loaded somehow at startup, but I can't find it in the registry. Hijack also rates everything as "good". What now? Please reply, and thanks in advance.

09.11.2006, 13:12
Honorary member
Posts: 29434
#4
Movi

Please post this log; I'll take a look at what is actually on the machine.
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards
Sabina
All about PC security

09.11.2006, 14:51
...new here
Thread starter Posts: 2
#5
Avenger says this:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rbsjnrwd
*******************
Script file located at: \??\C:\xhhuebei.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Could not open file C:\Dokumente und Einstellungen\Burn Boy\Anwendungsdaten\Opera\Opera\profile\cache4\temporary_download\ivideocodec.324.exe for deletion
Deletion of file C:\Dokumente und Einstellungen\Burn Boy\Anwendungsdaten\Opera\Opera\profile\cache4\temporary_download\ivideocodec.324.exe failed!
Could not process line:
C:\Dokumente und Einstellungen\Burn Boy\Anwendungsdaten\Opera\Opera\profile\cache4\temporary_download\ivideocodec.324.exe
Status: 0xc000003a
Folder C:\Programme\VirusBursters not found!
Deletion of folder C:\Programme\VirusBursters failed!
Could not process line:
C:\Programme\VirusBursters
Status: 0xc0000034
Folder C:\Programme\iVideoCodec deleted successfully.
Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|ferrateen
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|ferrateen failed!
Status: 0xc0000034
Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|clamoring
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|clamoring failed!
Status: 0xc0000034
Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|bonspells
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|bonspells failed!
Status: 0xc0000034
Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|detachments
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|detachments failed!
Status: 0xc0000034
Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{0d9eb558-0666-479e-868a-21b1d1a53bd1}
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{0d9eb558-0666-479e-868a-21b1d1a53bd1} failed!
Status: 0xc0000034
Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{27321538-5739-4aa1-b84c-7d18e4383f1f}
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{27321538-5739-4aa1-b84c-7d18e4383f1f} failed!
Status: 0xc0000034
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} deleted successfully.
Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{01d8d081-0f76-4ab5-b5e4-9b23a709670e}
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{01d8d081-0f76-4ab5-b5e4-9b23a709670e} failed!
Status: 0xc0000034
Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe failed!
Status: 0xc0000034
Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACF3DAB0-D308-4B7A-BFE3-E6C0FAFEB1E7} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVZipEnchancer.Chl deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBursters not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBursters failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusbursters.exe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusbursters.exe failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBursters not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\VirusBursters failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.

so I ran HijackThis again:

Logfile of HijackThis v1.99.1
Scan saved at 14:47:11, on 09.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\Razer\razerhid.exe
C:\Programme\Virtual CD v8\System\VC8Play.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\SLEE12.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Virtual CD v8\System\VC8SecS.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Virtual CD v8\System\VC8Tray.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Razer\razertra.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Razer\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Opera\Opera.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\BURNBO~1\LOKALE~1\Temp\Rar$EX00.609\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slysoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-2fe89c996183} - c:\programme\steganos internet anonym 7\sia7iep.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [razer] C:\Programme\Razer\razerhid.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VC8Player] C:\Programme\Virtual CD v8\System\VC8Play.exe
O4 - HKCU\..\Run: [ObjectDock] C:\Programme\ObjectDock\ObjectDock.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {82DEF876-14E4-4CE5-9CA4-DE79A2EE46D2} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5927D29-40E9-4B9D-9AEA-20A413961DB1}: NameServer = 217.237.149.225 217.237.150.188
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Steganos Live Encryption Engine 12 [Service] (SLEE_12_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Programme\Virtual CD v8\System\VC8SecS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

and regsearch:

REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "ivideocodec" 09.11.2006 14:49:00
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\S-1-5-21-1255042738-3032412228-3362575737-1008\Software\Internet Security]
"Path"="C:\\Programme\\iVideoCodec"
"L:\\trillian-v3[1].1.exe"="trillian-v3[1].1"
"C:\\Dokumente und Einstellungen\\Burn Boy\\Anwendungsdaten\\Opera\\Opera\\profile\\cache4\\temporary_download\\ivideocodec.324.exe"="ivideocodec.324"

Is everything clean now, or do I still need to do something?
bielsman
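
Added example, not part of the thread and not code from the Avenger author: a small triage script for an Avenger log like the one in post #5, which separates deletions that failed because the target was already absent (NTSTATUS 0xc0000034 and 0xc000003a) from failures that need a second look. The sample log is an excerpt of the lines above plus one constructed entry (`C:\example\locked.dll`, status 0xc0000022) to show the other path; the parser assumes one log statement per line, and "absent" only means the object was not there when the script ran.

```python
import re
from collections import Counter

# NTSTATUS codes: the first two occur in the log above, the third is for the
# constructed sample entry.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}
ABSENT = {0xC0000034, 0xC000003A}  # target did not exist, nothing to delete

FAILED = re.compile(r"^Deletion of (file|folder|registry value|registry key) (.+) failed!$")
DELETED = re.compile(r"^(File|Folder|Registry value|Registry key) (.+) deleted successfully\.$")
STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")


def parse_avenger_log(text):
    """Return one dict per deletion attempt: kind, target, status, outcome."""
    results, pending = [], None

    def flush(code_text=None):
        # Close the open failure entry, with or without a status line.
        nonlocal pending
        if pending is None:
            return
        code = int(code_text, 16) if code_text else None
        pending["status"] = NTSTATUS.get(code, code_text)
        pending["outcome"] = "absent" if code in ABSENT else "needs_review"
        results.append(pending)
        pending = None

    for raw in text.splitlines():
        line = raw.strip()
        if m := DELETED.match(line):
            flush()
            results.append({"kind": m[1].lower(), "target": m[2],
                            "status": None, "outcome": "deleted"})
        elif m := FAILED.match(line):
            flush()
            pending = {"kind": m[1], "target": m[2]}
        elif m := STATUS.match(line):
            flush(m[1])
    flush()
    return results


def summarize(entries):
    """Count attempts per outcome."""
    return dict(Counter(e["outcome"] for e in entries))


# Excerpt of the log in post #5; the last two lines are constructed.
SAMPLE_LOG = r"""
Folder C:\Programme\VirusBursters not found!
Deletion of folder C:\Programme\VirusBursters failed!
Could not process line:
C:\Programme\VirusBursters
Status: 0xc0000034
Folder C:\Programme\iVideoCodec deleted successfully.
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl deleted successfully.
Deletion of file C:\Dokumente und Einstellungen\Burn Boy\Anwendungsdaten\Opera\Opera\profile\cache4\temporary_download\ivideocodec.324.exe failed!
Status: 0xc000003a
Deletion of file C:\example\locked.dll failed!
Status: 0xc0000022
"""

if __name__ == "__main__":
    entries = parse_avenger_log(SAMPLE_LOG)
    print(summarize(entries))
    for e in entries:
        if e["outcome"] == "needs_review":
            print("review:", e["kind"], e["target"], e["status"])
```
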

09.11.2006, 15:11
Honorary member
Posts: 29434
#6
Bielsman

At the moment you can't get into the registry; it seems there are more viruses.

Open HijackThis -- "Scan" button -- tick the box in front of this entry -- "Fix checked" button -- restart the PC

Quote:
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Restart the PC

1. Find and delete manually:
C:\Dokumente und Einstellungen\Burn Boy\Anwendungsdaten\Opera\Opera\profile\cache4\temporary_download\ivideocodec.324.exe
------------------------------------------------------------------------
2. Post this log
http://virus-protect.org/artikel/tools/combofix.html

3. Go into the registry
Start - Run - regedit
top left - Edit - Find - Internet Security
HKEY_USERS\S-1-5-21-1255042738-3032412228-3362575737-1008\Software\Internet Security - delete
Restart the PC

4. Scan with Panda and post the scan report (only works with IE)
http://virus-protect.org/onlinescan.html
__________
Regards
Sabina
All about PC security

Log HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 23:34:35, on 08.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Razer\razerhid.exe
C:\Programme\Virtual CD v8\System\VC8Play.exe
C:\Programme\ObjectDock\ObjectDock.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Virtual CD v8\System\VC8SecS.exe
C:\Programme\Virtual CD v8\System\VC8Tray.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Razer\razertra.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Razer\razerofa.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\WINDOWS\System32\WScript.exe
C:\Programme\Windows NT\Zubehör\WORDPAD.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\BURNBO~1\LOKALE~1\Temp\Rar$EX00.719\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slysoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-2fe89c996183} - c:\programme\steganos internet anonym 7\sia7iep.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [razer] C:\Programme\Razer\razerhid.exe
O4 - HKLM\..\Run: [VC8Player] C:\Programme\Virtual CD v8\System\VC8Play.exe
O4 - HKCU\..\Run: [ObjectDock] C:\Programme\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5927D29-40E9-4B9D-9AEA-20A413961DB1}: NameServer = 217.237.149.225 217.237.150.188
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Steganos Live Encryption Engine 12 [Service] (SLEE_12_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE12.exe (file missing)
O23 - Service: Druckwarteschlange (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Programme\Virtual CD v8\System\VC8SecS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
RegSrch:
; RegSrch.vbs © Bill James
; Registry search results for string "iVideoCodec" 08.11.2006 23:14:49
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec]
"DisplayName"="iVideoCodec 3.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec]
"UninstallString"="C:\\Programme\\iVideoCodec\\uninst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec]
"DisplayIcon"="C:\\Programme\\iVideoCodec\\uninst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec]
"URLInfoAbout"="www.ivideocodec.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec]
"Publisher"="iVideoCodec Software"
[HKEY_USERS\S-1-5-21-1255042738-3032412228-3362575737-1008\Software\Internet Security]
"Path"="C:\\Programme\\iVideoCodec"
"L:\\trillian-v3[1].1.exe"="trillian-v3[1].1"
"C:\\Dokumente und Einstellungen\\Burn Boy\\Anwendungsdaten\\Opera\\Opera\\profile\\cache4\\temporary_download\\ivideocodec.324.exe"="ivideocodec.324"
"L:\\trillian-v3[1].1.exe"="trillian-v3[1].1"
"C:\\Programme\\iVideoCodec\\uninst.exe"="uninst"
Registry values to delete:
please help me!
bielsman