Trojaner-Problem!

#1 Hallo Leute!

ich habe mir eben einen trojaner eingefangen!

Und das ist das fiese ding:
C:\WINDOWS\SYSTEM32\MBZIJ.DLL
Ist das Trojanische Pferd TR/StartPa.DU.DLL.1

hab schon mit antivir, adaware, spybot probiert, leider ohne erfolg!

jetzt hab ich hijackthis heruntergeladen:
hier mal die logfile! ich hoffe ihr könnt mir helfen! ich werd wahnsinnig

bitte sagt mir schritt für schritt was ich machen muss, ich mache das zum ersten mal! danke schon mal im voraus.

Logfile of HijackThis v1.99.1
Scan saved at 16:18:59, on 09.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AntiVir\AVGUARD.EXE
C:\AntiVir\AVWUPSRV.EXE
C:\Borland\InterBase\bin\ibguard.exe
C:\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Intuwave\Shared\mRouterRunTime\mRoute rConfig.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\AntiVir\AVGNT.EXE
C:\Programme\Intuwave\Shared\mRouterRunTime\mRoute rRuntime.exe
C:\iTunes\iTunesHelper.exe
C:\QuickTime\qttask.exe
C:\WINDOWS\appew32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\iezi32.exe
C:\Siemens SX1\SDS\SDSScheduler.exe
C:\SIEMEN~1\SDS\SPHONE~2.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\FlashGet\flashget.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.simviation.com/menu.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat Reader 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {9E1E5C74-8A47-A3B8-9D79-4318AF0FE18F} - C:\WINDOWS\system32\apiyr.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NAV_Update] C:\NAV_Update.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Programme\Intuwave\Shared\mRouterRunTime\mRoute rConfig.exe
O4 - HKLM\..\Run: [CTFMon] C:\FamilyKeyLogger\ctfmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\AntiVir\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atlse32.exe] C:\WINDOWS\atlse32.exe
O4 - HKLM\..\Run: [appew32.exe] C:\WINDOWS\appew32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Acrobat Reader 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SDSScheduler.lnk = C:\Siemens SX1\SDS\SDSScheduler.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...0/Installer.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\AntiVir\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\AntiVir\AVWUPSRV.EXE
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Borland\InterBase\bin\ibserver.exe
O23 - Service: InterBase InterClient Server (InterServer) - InterBase - C:\Borland\InterBase\InterClient\bin\interserver.e xe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe

#2 Setze im HijackThis (HJT) vor folgende Einträge ein Häkchen und klicke auf "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mbzij.dll/sp.html#83556
O2 - BHO: Class - {9E1E5C74-8A47-A3B8-9D79-4318AF0FE18F} - C:\WINDOWS\system32\apiyr.dll
O4 - HKLM\..\Run: [NAV_Update] C:\NAV_Update.exe
O4 - HKLM\..\Run: [CTFMon] C:\FamilyKeyLogger\ctfmon.exe
O4 - HKLM\..\Run: [atlse32.exe] C:\WINDOWS\atlse32.exe
O4 - HKLM\..\Run: [appew32.exe] C:\WINDOWS\appew32.exe
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...0/Installer.exe

Bitte überprüfe folgende Dateien bei http://www.virustotal.com und teile uns das Ergebnis mit:

C:\WINDOWS\atlse32.exe
C:\WINDOWS\appew32.exe

Lade Dir Killbox von http://virus-protect.org/killbox.html und entpacke es schon mal.

Gegen die veränderte Startseite arbeite folgendes ab:
http://www.trojaner-info.de/anleitungen/hijackthis/about_blank.html

Starte den PC in den abgesicherten Modus (während des Bootvorgangs F8 drücken).

Killbox: aktiviere "Delete on Reboot". Füge folgende Dateien in das Eingabefeld ein und bestätige jeweils mit einem Klick auf das Kreuz rechts daneben. Die Frage, ob jetzt neugestartet werden soll erst nach der letzten Datei mit JA bestätigen.

[Sofern als bösartig erkannt:
C:\WINDOWS\atlse32.exe
C:\WINDOWS\appew32.exe]
C:\WINDOWS\system32\apiyr.dll
C:\NAV_Update.exe
C:\FamilyKeyLogger\ctfmon.exe
C:\WINDOWS\system32\mbzij.dll

Der PC wird neugestartet. Falls Killbox meldet, dass eine Datei nicht gelöscht werden kann, weil sie nicht mehr vorhanden ist, ist das in Ordnung.

Weitere Instruktionen folgen, wenn Du das durchgeführt hast und Dich hier wieder meldest.
__________
Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren.
Der Grabsteinschubser

#3 Das ergebnis: die erste der zwei dateien:
die zweite war auf meiner festplatte nicht mehr zu finden

This is a report processed by VirusTotal on 09/09/2005 at 18:55:46 (CET) after scanning the file "appew32.exe" file.
Antivirus Version Update Result
AntiVir 6.31.1.0 09.09.2005 no virus found
Avast 4.6.695.0 09.09.2005 no virus found
AVG 718 09.09.2005 no virus found
Avira 6.31.1.0 09.09.2005 no virus found
BitDefender 7.0 09.02.2005 no virus found
CAT-QuickHeal 8.00 09.09.2005 (Suspicious) - DNAScan
ClamAV devel-20050725 09.09.2005 no virus found
DrWeb 4.32b 09.09.2005 no virus found
eTrust-Iris 7.1.194.0 09.08.2005 no virus found
eTrust-Vet 11.9.1.0 09.09.2005 no virus found
Fortinet 2.41.0.0 09.07.2005 suspicious
F-Prot 3.16c 09.09.2005 no virus found
Ikarus 0.2.59.0 09.09.2005 no virus found
Kaspersky 4.0.2.24 09.09.2005 no virus found
McAfee 4577 09.08.2005 no virus found
NOD32v2 1.1212 09.08.2005 no virus found
Norman 5.70.10 09.09.2005 no virus found
Panda 8.02.00 09.09.2005 no virus found
Sophos 3.97.0 09.09.2005 no virus found
Symantec 8.0 09.09.2005 no virus found
TheHacker 5.8.2.102 09.08.2005 no virus found
VBA32 3.10.4 09.09.2005 no virus found

#4 Ok, ich würde die Datei als tendenziell bösartig einstufen.

Erneuter Scan mit http://virusscan.jotti.org/de um sicher zu gehen.
__________
Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren.
Der Grabsteinschubser

#5 ok, hab das mit killbox jetzt gemacht, aber folgende dateien waren nicht aufzufinden (waren auch nicht "versteckt"):

C:\Windows\atlse32.exe (wie gesagt...)
C:\FamilyKeyLogger\ctfmon.exe (der ordner "familyKeyLogger" ist nicht mehr vorhanden)
C:\Windows\system32\mbzij.dll (die konnte ich glaub ich schon mit spybot entfernen)

nach dem neustart kam aber keine meldung mehr! und das problem ist immer noch da, sobald ich den IE öffne kommt diese meldung!

hier ist noch die auswertung der datei von der anderen internetseite:
Datei: appew32.exe
Status: EVENTUELL INFIZIERT/MALWARE (Es ist verdächtig, dass die Sandbox-Emulation lange dauerte und/oder die Datei gepackt war. Normalerweise sind Programme nicht gepackt und zwingen die Sandbox nicht zu einer langwierigen Emulation. Beachten Sie, dass kein Scanner eine Warnung gegeben hat, d.h. die Datei kann sehr wohl harmlos sein. Wir raten allerdings zur Vorsicht.)
Entdeckte Packprogramme: -

AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
UNA Keine Viren gefunden
VBA32 Keine Viren gefunden

#6 Schicke mir doch bitte die appew32.exe an virus[at]arko-websolutions.de (vorher bitte als ZIP packen).

Dann lade Dir eScanCheck herunter und halte Dich an die Anweisungen auf der Seite. Berichte dann, wie dort beschrieben.
__________
Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren.
Der Grabsteinschubser

#7 das mit dem eScanCheck habe ich gemacht, leider tritt das problem immer noch auf! ich bin am verzweifeln!!!

hier die log: bitte helft mit.


--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Fri Sep 09 19:44:12 2005 => System found infected with FlashGet Spyware/Adware ({a5366673-e8ca-11d3-9cd9-0090271d075b})! Action taken: No Action Taken.
2: Fri Sep 09 19:44:12 2005 => System found infected with FlashGet Spyware/Adware ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken.
3: Fri Sep 09 19:44:14 2005 => System found infected with CWS.HomeSearch Browser Hijacker ({676575dd-4d46-911d-8037-9b10d6ee8bb5})! Action taken: No Action Taken.
4: Fri Sep 09 19:44:48 2005 => Offending file found: C:\WINDOWS\iun6002.exe
5: Fri Sep 09 19:44:48 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
6: Fri Sep 09 19:44:57 2005 => Offending file found: C:\WINDOWS\TEMP
7: Fri Sep 09 19:44:57 2005 => System found infected with WhenU.SaveNow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
8: Fri Sep 09 19:46:42 2005 => File C:\WINDOWS\tstlb.hta infected by "Trojan-Downloader.VBS.Psyme.av" Virus! Action Taken: No Action Taken.
9: Fri Sep 09 19:52:45 2005 => Scanning Folder: C:\AntiVir\INFECTED\*.*
10: Fri Sep 09 19:52:45 2005 => Scanning File C:\AntiVir\INFECTED\EXPLOIT[1].HTM.001 [**]
11: Fri Sep 09 19:52:45 2005 => Scanning File C:\AntiVir\INFECTED\EXPLOIT[1].HTM.002 [**]
12: Fri Sep 09 19:52:45 2005 => Scanning File C:\AntiVir\INFECTED\EXPLOIT[1].HTM.003 [**]
13: Fri Sep 09 19:52:45 2005 => Scanning File C:\AntiVir\INFECTED\EXPLOIT[1].HTM.004 [**]
14: Fri Sep 09 19:52:45 2005 => Scanning File C:\AntiVir\INFECTED\EXPLOIT[1].HTM.005 [**]
15: Fri Sep 09 19:52:45 2005 => Scanning File C:\AntiVir\INFECTED\EXPLOIT[1].HTM.006 [**]
16: Fri Sep 09 19:52:45 2005 => Scanning File C:\AntiVir\INFECTED\EXPLOIT[1].HTM.VIR [**]
17: Fri Sep 09 19:52:45 2005 => Scanning File C:\AntiVir\INFECTED\INDEX_X[1].HTM.001 [**]
18: Fri Sep 09 19:52:45 2005 => Scanning File C:\AntiVir\INFECTED\INDEX_X[1].HTM.002 [**]
19: Fri Sep 09 19:52:45 2005 => Scanning File C:\AntiVir\INFECTED\INDEX_X[1].HTM.003 [**]
20: Fri Sep 09 19:52:45 2005 => Scanning File C:\AntiVir\INFECTED\INDEX_X[1].HTM.VIR [**]
21: Fri Sep 09 19:52:45 2005 => Scanning File C:\AntiVir\INFECTED\WININET.DLL.VIR

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Fri Sep 09 19:45:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
2: Fri Sep 09 19:45:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
3: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ahead\NeroDigital\settings.xml". Action Taken: No Action Taken.
4: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken.
5: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken.
6: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken.
7: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken.
8: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken.
9: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken.
10: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken.
11: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken.
12: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-sve.nls". Action Taken: No Action Taken.
13: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken.
14: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken.
15: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken.
16: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.
17: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken.
18: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken.
19: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken.
20: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken.
21: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken.
22: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken.
23: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Esp.nls". Action Taken: No Action Taken.
24: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken.
25: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken.
26: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Nld.nls". Action Taken: No Action Taken.
27: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken.
28: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Csy.nls". Action Taken: No Action Taken.
29: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Dan.nls". Action Taken: No Action Taken.
30: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Ell.nls". Action Taken: No Action Taken.
31: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Esl.nls". Action Taken: No Action Taken.
32: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Fin.nls". Action Taken: No Action Taken.
33: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Hun.nls". Action Taken: No Action Taken.
34: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Nor.nls". Action Taken: No Action Taken.
35: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Plk.nls". Action Taken: No Action Taken.
36: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Ptb.nls". Action Taken: No Action Taken.
37: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Rus.nls". Action Taken: No Action Taken.
38: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Sky.nls". Action Taken: No Action Taken.
39: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Slv.nls". Action Taken: No Action Taken.
40: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Sve.nls". Action Taken: No Action Taken.
41: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero BackItUp\BackItUp-Trk.nls". Action Taken: No Action Taken.
42: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero StartSmart\NeroStartSmart_esl.chm". Action Taken: No Action Taken.
43: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero StartSmart\NeroStartSmart_esp.chm". Action Taken: No Action Taken.
44: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: No Action Taken.
45: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero StartSmart\NeroStartSmart_ita.chm". Action Taken: No Action Taken.
46: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero StartSmart\NeroStartSmart_nld.chm". Action Taken: No Action Taken.
47: Fri Sep 09 19:45:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero StartSmart\NeroStartSmart_ptg.chm". Action Taken: No Action Taken.
48: Fri Sep 09 19:45:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Brennprogramm\Nero StartSmart\NeroStartSmart_sve.chm". Action Taken: No Action Taken.
49: Fri Sep 09 19:45:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QTPlugin.OCX". Action Taken: No Action Taken.
50: Fri Sep 09 19:45:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pvcs.hlp". Action Taken: No Action Taken.
51: Fri Sep 09 19:45:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action Taken.
52: Fri Sep 09 19:45:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bantam.dll" refers to invalid object "bantam.dll". Action Taken: No Action Taken.
53: Fri Sep 09 19:45:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bdeadmin.exe" refers to invalid object "bdeadmin.exe". Action Taken: No Action Taken.
54: Fri Sep 09 19:45:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bdeadmin.hlp" refers to invalid object "bdeadmin.hlp". Action Taken: No Action Taken.
55: Fri Sep 09 19:45:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\blw32.dll" refers to invalid object "blw32.dll". Action Taken: No Action Taken.
56: Fri Sep 09 19:45:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
57: Fri Sep 09 19:45:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\disp.dll" refers to invalid object "disp.dll". Action Taken: No Action Taken.
58: Fri Sep 09 19:45:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idapi32.dll" refers to invalid object "idapi32.dll". Action Taken: No Action Taken.
59: Fri Sep 09 19:45:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idasci32.dll" refers to invalid object "idasci32.dll". Action Taken: No Action Taken.
60: Fri Sep 09 19:45:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idbat32.dll" refers to invalid object "idbat32.dll". Action Taken: No Action Taken.
61: Fri Sep 09 19:45:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idda3532.dll" refers to invalid object "idda3532.dll". Action Taken: No Action Taken.
62: Fri Sep 09 19:45:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddao32.dll" refers to invalid object "iddao32.dll". Action Taken: No Action Taken.
63: Fri Sep 09 19:45:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddbas32.dll" refers to invalid object "iddbas32.dll". Action Taken: No Action Taken.
64: Fri Sep 09 19:45:22 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddr32.dll" refers to invalid object "iddr32.dll". Action Taken: No Action Taken.
65: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idodbc32.dll" refers to invalid object "idodbc32.dll". Action Taken: No Action Taken.
66: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idpdx32.dll" refers to invalid object "idpdx32.dll". Action Taken: No Action Taken.
67: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idqbe32.dll" refers to invalid object "idqbe32.dll". Action Taken: No Action Taken.
68: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idr20009.dll" refers to invalid object "idr20009.dll". Action Taken: No Action Taken.
69: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idsql32.dll" refers to invalid object "idsql32.dll". Action Taken: No Action Taken.
70: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken.
71: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\ATI Technologies\ATI Control Panel\setup.exe". Action Taken: No Action Taken.
72: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SH2.exe" refers to invalid object "C:\Silent Hunter II\SH2.exe". Action Taken: No Action Taken.
73: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\sqlint32.dll" refers to invalid object "sqlint32.dll". Action Taken: No Action Taken.
74: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\XXXXX" refers to invalid object "C:\AK vs DR\XXXXX". Action Taken: No Action Taken.
75: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\Reader\". Action Taken: No Action Taken.
76: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\". Action Taken: No Action Taken.
77: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Tobi\Eigene Dateien\Borland\Projects\". Action Taken: No Action Taken.
78: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Tobi\Eigene Dateien\Borland\Projects\Bpl\". Action Taken: No Action Taken.
79: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Tobi\Eigene Dateien\Borland\Database Desktop\WorkDir\". Action Taken: No Action Taken.
80: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Tobi\Eigene Dateien\Borland\Database Desktop\PrivDir\". Action Taken: No Action Taken.
81: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Tobi\Eigene Dateien\Borland\Imports\". Action Taken: No Action Taken.
82: Fri Sep 09 19:45:23 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Tobi\Eigene Dateien\Borland\Projects\Lib\". Action Taken: No Action Taken.
83: Fri Sep 09 19:45:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Siemens Data Suite SX1\". Action Taken: No Action Taken.
84: Fri Sep 09 19:45:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Army Operations\". Action Taken: No Action Taken.
85: Fri Sep 09 19:45:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Army Operations\System\". Action Taken: No Action Taken.
86: Fri Sep 09 19:45:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Army Operations\System\save\". Action Taken: No Action Taken.
87: Fri Sep 09 19:45:25 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Army Operations\SystemInfoAAO\". Action Taken: No Action Taken.
88: Fri Sep 09 19:45:30 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\America's Army\". Action Taken: No Action Taken.
89: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubi Soft\IL-2 Sturmovik Forgotten Battles\". Action Taken: No Action Taken.
90: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubi Soft\". Action Taken: No Action Taken.
91: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubisoft\Far Cry\". Action Taken: No Action Taken.
92: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubisoft\". Action Taken: No Action Taken.
93: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Flight Simulator 2004\Aircraft\SMS_MD11_V2\". Action Taken: No Action Taken.
94: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Flight Simulator 2004\Aircraft\SMS_MD11_V2\model\". Action Taken: No Action Taken.
95: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Flight Simulator 2004\Aircraft\SMS_MD11_V2\model.vc\". Action Taken: No Action Taken.
96: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Flight Simulator 2004\Aircraft\SMS_MD11_V2\panel\". Action Taken: No Action Taken.
97: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Flight Simulator 2004\Aircraft\SMS_MD11_V2\sound\". Action Taken: No Action Taken.
98: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Flight Simulator 2004\Aircraft\SMS_MD11_V2\texture\". Action Taken: No Action Taken.
99: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes\". Action Taken: No Action Taken.
100: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Speech SDK 5.1\C++ Samples\". Action Taken: No Action Taken.
101: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Speech SDK 5.1\". Action Taken: No Action Taken.
102: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Speech SDK 5.1\Tools\". Action Taken: No Action Taken.
103: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Speech SDK 5.1\Tutorials\". Action Taken: No Action Taken.
104: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Speech SDK 5.1\Visual Basic Samples\". Action Taken: No Action Taken.
105: Fri Sep 09 19:45:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Speech SDK 5.1\Web Samples\". Action Taken: No Action Taken.
106: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
107: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken.
108: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
109: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
110: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
111: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken.
112: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken.
113: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
114: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
115: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833407". Action Taken: No Action Taken.
116: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
117: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
118: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken.
119: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken.
120: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.
121: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken.
122: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
123: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
124: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken.
125: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817357". Action Taken: No Action Taken.
126: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Veneaviones Turbo Commander 690B". Action Taken: No Action Taken.
127: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7B802DE5-84E5-4503-965B-2ABFFC78506A}". Action Taken: No Action Taken.
128: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{89A344E4-A54B-4C5E-97BD-040B4B300816}". Action Taken: No Action Taken.
129: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}". Action Taken: No Action Taken.
130: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600425}". Action Taken: No Action Taken.
131: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600777}". Action Taken: No Action Taken.
132: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1031-7B44-A00000000001}". Action Taken: No Action Taken.
133: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CDC131DB-C744-460C-832E-6E0C25AB6F03}". Action Taken: No Action Taken.
134: Fri Sep 09 19:45:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F7CEB592-47CB-406C-A2F8-188F3ADB40B7}". Action Taken: No Action Taken.
135: Fri Sep 09 19:45:33 2005 => Entry "HKCR\CLSID\{0880413D-9C3D-11D3-B931-00C04F8EF738}" refers to invalid object ".\sldse.dll". Action Taken: No Action Taken.
136: Fri Sep 09 19:45:34 2005 => Entry "HKCR\CLSID\{1444FA95-CB58-11d4-88F5-00B0D0239602}" refers to invalid object ".\sldproe.dll". Action Taken: No Action Taken.
137: Fri Sep 09 19:45:34 2005 => Entry "HKCR\CLSID\{15DC7116-E58E-4395-A45A-A1C99B17C030}" refers to invalid object "C:\Programme\PSGuard\WndSystem.dll". Action Taken: No Action Taken.
138: Fri Sep 09 19:45:34 2005 => Entry "HKCR\CLSID\{17E02586-A91D-4A9D-A74E-187B05DFFE6F}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
139: Fri Sep 09 19:45:34 2005 => Entry "HKCR\CLSID\{1BD98DFD-2DA9-4C54-85D7-BE03A0F9C487}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
140: Fri Sep 09 19:45:34 2005 => Entry "HKCR\CLSID\{1C94EA51-3800-4F08-B5DC-A5B67823FFEA}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
141: Fri Sep 09 19:45:34 2005 => Entry "HKCR\CLSID\{1C9BC2F5-6822-11d2-B8A7-00C04F8EF738}" refers to invalid object ".\sldug.dll". Action Taken: No Action Taken.
142: Fri Sep 09 19:45:34 2005 => Entry "HKCR\CLSID\{20D1AF34-6E19-42D8-AF9F-BDFBE45C2454}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
143: Fri Sep 09 19:45:34 2005 => Entry "HKCR\CLSID\{21E132C9-1F98-4151-BDAD-7D9B49C60A8E}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
144: Fri Sep 09 19:45:34 2005 => Entry "HKCR\CLSID\{23F7AD29-F51A-4BA1-BE70-143B1CB25BD1}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
145: Fri Sep 09 19:45:34 2005 => Entry "HKCR\CLSID\{2C59D5EC-6B91-4896-BD6F-5F121D87A7F8}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
146: Fri Sep 09 19:45:34 2005 => Entry "HKCR\CLSID\{2F34E0E0-F0BB-477F-AFB8-509262FA0AD1}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
147: Fri Sep 09 19:45:35 2005 => Entry "HKCR\CLSID\{35ED274E-3F42-4A78-BBDC-3B7D73E85578}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
148: Fri Sep 09 19:45:35 2005 => Entry "HKCR\CLSID\{3D74D140-F780-4AE3-8D6D-F8DC39107213}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
149: Fri Sep 09 19:45:35 2005 => Entry "HKCR\CLSID\{4575C431-E2CB-11d2-B8E0-00C04F8EF738}" refers to invalid object ".\sld2demu.dll". Action Taken: No Action Taken.
150: Fri Sep 09 19:45:35 2005 => Entry "HKCR\CLSID\{46C64A4D-2B14-11D2-B484-00C04FA33EF2}" refers to invalid object "ShellExt\sldicon.dll". Action Taken: No Action Taken.
151: Fri Sep 09 19:45:35 2005 => Entry "HKCR\CLSID\{47B4ACA1-B1C4-11d2-8398-0008C7B2F44D}" refers to invalid object ".\sldmdt.dll". Action Taken: No Action Taken.
152: Fri Sep 09 19:45:35 2005 => Entry "HKCR\CLSID\{49443D6E-CE4E-47A9-8DEB-F5774CE14984}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
153: Fri Sep 09 19:45:35 2005 => Entry "HKCR\CLSID\{52034AD2-914C-4634-B375-9299631E5525}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
154: Fri Sep 09 19:45:35 2005 => Entry "HKCR\CLSID\{5d3d7a00-5f31-11d1-b1c9-0020af351f6f}" refers to invalid object ".\sldtrans.dll". Action Taken: No Action Taken.
155: Fri Sep 09 19:45:36 2005 => Entry "HKCR\CLSID\{6B8FE721-A25A-11d3-B45B-0008C7B2ECD7}" refers to invalid object ".\sldinventor.dll". Action Taken: No Action Taken.
156: Fri Sep 09 19:45:36 2005 => Entry "HKCR\CLSID\{700D36FB-3889-11D4-AF00-00C04F61025C}" refers to invalid object ".\sldxgl.dll". Action Taken: No Action Taken.
157: Fri Sep 09 19:45:36 2005 => Entry "HKCR\CLSID\{7702C521-76AE-42C0-A181-3B5A96C2EEF7}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
158: Fri Sep 09 19:45:36 2005 => Entry "HKCR\CLSID\{7ADDA344-1D36-4446-9F4B-B2351FB19EFD}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
159: Fri Sep 09 19:45:36 2005 => Entry "HKCR\CLSID\{7D98221E-AF8F-4D29-8BB1-1DFABC288173}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
160: Fri Sep 09 19:45:36 2005 => Entry "HKCR\CLSID\{7EFD5D24-CB58-11d4-88F5-00B0D0239602}" refers to invalid object ".\sldjpeg.dll". Action Taken: No Action Taken.
161: Fri Sep 09 19:45:36 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
162: Fri Sep 09 19:45:36 2005 => Entry "HKCR\CLSID\{86FC1FD1-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "D:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.
163: Fri Sep 09 19:45:36 2005 => Entry "HKCR\CLSID\{86FC1FD3-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "D:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.
164: Fri Sep 09 19:45:36 2005 => Entry "HKCR\CLSID\{9746B450-6064-4EC8-9480-72A289AA2237}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
165: Fri Sep 09 19:45:37 2005 => Entry "HKCR\CLSID\{BBEF802E-1021-11d4-BD57-00C04F019809}" refers to invalid object ".\sldcollab.dll". Action Taken: No Action Taken.
166: Fri Sep 09 19:45:37 2005 => Entry "HKCR\CLSID\{C5A40FCE-0A0F-40CA-985E-661C28B5B431}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
167: Fri Sep 09 19:45:37 2005 => Entry "HKCR\CLSID\{C7F22879-7151-4C71-8C50-9557AFDA66C6}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
168: Fri Sep 09 19:45:37 2005 => Entry "HKCR\CLSID\{C90DF1A7-4DEF-11D4-AF15-00C04F61025C}" refers to invalid object ".\sldhsf.dll". Action Taken: No Action Taken.
169: Fri Sep 09 19:45:37 2005 => Entry "HKCR\CLSID\{CA5E7959-60B5-47B7-80AC-1606309733F3}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
170: Fri Sep 09 19:45:37 2005 => Entry "HKCR\CLSID\{CD0C64E9-8BDA-11d6-B09D-00065B87F34E}" refers to invalid object ".\photoworks\pworks.dll". Action Taken: No Action Taken.
171: Fri Sep 09 19:45:37 2005 => Entry "HKCR\CLSID\{CEABF027-6CDC-4D47-ADF6-AC5D065826A6}" refers to invalid object "C:\Programme\PSGuard\Core.dll". Action Taken: No Action Taken.
172: Fri Sep 09 19:45:38 2005 => Entry "HKCR\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87}" refers to invalid object "C:\WINDOWS\system32:wjaa.dll". Action Taken: No Action Taken.
173: Fri Sep 09 19:45:38 2005 => Entry "HKCR\CLSID\{E0AA0493-C410-4CBD-B1DB-1723374FA8E0}" refers to invalid object "C:\Programme\PSGuard\WndSystem.dll". Action Taken: No Action Taken.
174: Fri Sep 09 19:45:38 2005 => Entry "HKCR\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}" refers to invalid object ".\sldmts.dll". Action Taken: No Action Taken.
175: Fri Sep 09 19:45:38 2005 => Entry "HKCR\CLSID\{E5D78BD8-3874-4AA0-9D45-CFB79382C484}" refers to invalid object "C:\Programme\PSGuard\WndSystem.dll". Action Taken: No Action Taken.
176: Fri Sep 09 19:45:38 2005 => Entry "HKCR\CLSID\{E981DDD5-E7B9-11d2-8BC1-00105A1E7868}" refers to invalid object ".\animator\animator.dll". Action Taken: No Action Taken.
177: Fri Sep 09 19:45:38 2005 => Entry "HKCR\CLSID\{EA320F72-9CFB-11D3-B931-00C04F8EF738}" refers to invalid object ".\slddxf3d.dll". Action Taken: No Action Taken.
178: Fri Sep 09 19:45:38 2005 => Entry "HKCR\CLSID\{ED78333F-D5DB-11d4-BD5A-00C04F019809}" refers to invalid object ".\toolbox\swtoolbox.dll". Action Taken: No Action Taken.
179: Fri Sep 09 19:45:38 2005 => Entry "HKCR\CLSID\{ED783340-D5DB-11d4-BD5A-00C04F019809}" refers to invalid object ".\toolbox\swbrowser.dll". Action Taken: No Action Taken.
180: Fri Sep 09 19:45:38 2005 => Entry "HKCR\CLSID\{F335158C-A691-11D3-B934-00C04F8EF738}" refers to invalid object ".\sldhcg.dll". Action Taken: No Action Taken.
181: Fri Sep 09 19:45:38 2005 => Entry "HKCR\CLSID\{FACF11A2-5095-11D3-A9DE-00C0268E5C48}" refers to invalid object "D:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.
182: Fri Sep 09 19:45:38 2005 => Entry "HKCR\TypeLib\{0CEBAFA2-A5F8-11D1-B76F-58BB04C10000}" refers to invalid object "D:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.
183: Fri Sep 09 19:45:39 2005 => Entry "HKCR\TypeLib\{1257CD33-90D0-11D1-A197-080009AB3411}" refers to invalid object "D:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.
184: Fri Sep 09 19:45:39 2005 => Entry "HKCR\TypeLib\{143C9CF1-E3E7-11D1-A1D2-080009AB3411}" refers to invalid object "D:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.
185: Fri Sep 09 19:45:39 2005 => Entry "HKCR\TypeLib\{19362773-E965-11D1-A1F0-080009AB3411}" refers to invalid object "D:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.
186: Fri Sep 09 19:45:39 2005 => Entry "HKCR\TypeLib\{3E895E71-0C27-11D2-A212-080009AB3411}" refers to invalid object "D:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.
187: Fri Sep 09 19:45:39 2005 => Entry "HKCR\TypeLib\{67800A63-C222-11D1-A1B3-080009AB3411}" refers to invalid object "D:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.
188: Fri Sep 09 19:45:39 2005 => Entry "HKCR\TypeLib\{86FC1FC2-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "D:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.
189: Fri Sep 09 19:45:39 2005 => Entry "HKCR\TypeLib\{9F3595E2-B5CC-11D1-B76F-58BB04C10000}" refers to invalid object "D:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.
190: Fri Sep 09 19:45:39 2005 => Entry "HKCR\TypeLib\{9FD46A24-F9E8-11D1-A204-080009AB3411}" refers to invalid object "D:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.
191: Fri Sep 09 19:45:39 2005 => Entry "HKCR\TypeLib\{C8E100B3-6D59-11D1-A181-080009AB3411}" refers to invalid object "D:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.
192: Fri Sep 09 19:45:39 2005 => Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
193: Fri Sep 09 19:45:40 2005 => Entry "HKCR\TypeLib\{FD6E3405-67CB-11D1-A17E-080009AB3411}" refers to invalid object "D:\RUNTIME\Md8Rntm.exe". Action Taken: No Action Taken.
194: Fri Sep 09 19:45:40 2005 => Entry "HKCR\.cmo" refers to invalid object "VirtoolsComposition". Action Taken: No Action Taken.
195: Fri Sep 09 19:45:40 2005 => Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
196: Fri Sep 09 19:45:40 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
197: Fri Sep 09 19:45:40 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
198: Fri Sep 09 19:45:40 2005 => Entry "HKCR\Automap.Map.EU" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
199: Fri Sep 09 19:45:40 2005 => Entry "HKCR\Automap.Map.EU.11" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
200: Fri Sep 09 19:45:40 2005 => Entry "HKCR\Automap.Template.EU.11" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
201: Fri Sep 09 19:45:40 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
202: Fri Sep 09 19:45:40 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
203: Fri Sep 09 19:45:41 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
204: Fri Sep 09 19:45:41 2005 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
205: Fri Sep 09 19:45:41 2005 => Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
206: Fri Sep 09 19:45:42 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
207: Fri Sep 09 19:45:42 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
208: Fri Sep 09 19:45:42 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
209: Fri Sep 09 19:45:42 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
210: Fri Sep 09 19:45:43 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
211: Fri Sep 09 19:45:43 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
212: Fri Sep 09 19:45:43 2005 => Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
213: Fri Sep 09 19:45:43 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
214: Fri Sep 09 19:45:43 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
215: Fri Sep 09 19:45:43 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
216: Fri Sep 09 19:45:44 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
217: Fri Sep 09 19:45:44 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\WINDOWS\tstlb.hta => Trojan-Downloader.VBS.Psyme.av

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Fri Sep 09 20:06:52 2005 => Total Objects Scanned: 61917
Fri Sep 09 20:06:52 2005 => Total Virus(es) Found: 12
Fri Sep 09 20:06:52 2005 => Total Errors: 217
Fri Sep 09 20:06:52 2005 => Virus Database Date: 2005/09/09
Fri Sep 09 20:06:52 2005 => Virus Database Count: 148540
Fri Sep 09 20:07:07 2005 => Total Objects Scanned: 61917
Fri Sep 09 20:07:07 2005 => Total Virus(es) Found: 12
Fri Sep 09 20:07:07 2005 => Total Errors: 217

#8 Schön!

Benutze den CWShredder:
http://www.intermute.com/spysubtract/cwshredder_download.html

Deinstalliere FlashGet.

Prüfe nach, ob das Verzeichnis c:\programme\psguard existiert. Wenn ja, dann lösche es.

Mit Killbox (wie oben beschrieben) folgendes löschen:

C:\WINDOWS\iun6002.exe
C:\WINDOWS\tstlb.hta
c:\windows\system32\cmdlineext02.dll

Wenn der PC neugestartet ist, System mit Ewido scanen und das Log hier posten:
http://virus-protect.org/antivirenfree.html

Achja, ein erneutes HJT-Log, um zu sehen, wie es ausschaut, bitte nach Ewido noch posten.
__________
Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren.
Der Grabsteinschubser

#9 Juchu! es scheint weg zu sein! was es genau war kann ich nicht mehr so genau sagen, aber ich habe deine letzten möglichkeiten angewendet und es scheint weg zu sein! hoffe ich! wenn nicht werde ich es nochmal hierein posten. danke für deine hilfe, es ist wirklich toll das es neben diesen hacker Ar***löchern auch noch menschen gibt die einem bei solch einem problem helfen können!

Logfile of HijackThis v1.99.1
Scan saved at 21:06:19, on 09.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AntiVir\AVGUARD.EXE
C:\AntiVir\AVWUPSRV.EXE
C:\ewido\security suite\ewidoctrl.exe
C:\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Borland\InterBase\bin\ibguard.exe
C:\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\AntiVir\AVGNT.EXE
C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\iTunes\iTunesHelper.exe
C:\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Spybot - Search & Destroy\TeaTimer.exe
C:\Acrobat Reader 7.0\Reader\reader_sl.exe
C:\Siemens SX1\SDS\SDSScheduler.exe
C:\SIEMEN~1\SDS\SPHONE~2.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.simviation.com/menu.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat Reader 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {5C234103-94D8-FE86-BF5F-D52FD6347B89} - C:\WINDOWS\system32\addlh32.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\AntiVir\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Acrobat Reader 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SDSScheduler.lnk = C:\Siemens SX1\SDS\SDSScheduler.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\appbd.exe (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\AntiVir\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\AntiVir\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\ewido\security suite\ewidoguard.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Borland\InterBase\bin\ibserver.exe
O23 - Service: InterBase InterClient Server (InterServer) - InterBase - C:\Borland\InterBase\InterClient\bin\interserver.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe

#10 Du könntest noch folgendes fixen:
R3 - Default URLSearchHook is missing

Falls Du FlashGet deinstalliert hast:
O8 - Extra context menu item: Alles mit FlashGet laden - C:\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe

Außerdem:
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\appbd.exe (file missing)

Letzter Eintrag ist von einem Trojaner (Trojan.Agent.bi). Ewido könnte ihn gefunden und entfernt haben, deshalb hatte ich Dich gebeten, auch das Log von Ewido zu posten.

Um sicher zu gehen, dass jetzt auch nichts mehr da ist, verwende einen Online-Virenscanner:
http://virus-protect.org/onlinescan.html

Um die Fehler in der Registry wegzubekommen, verwende einen RegCleaner. Empfehlungen:
TuneUp Utilities 2006
CCleaner
__________
Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren.
Der Grabsteinschubser

#11 ok! das werde ich morgen noch machen! vielen dank für deine hilfe! ach ja: was spricht den gegen flashget? das ist ein downloadmanager. spioniert der oder was?

#12 Es gibt eine Version mit und eine Version ohne Spyware. Welche Du hast, weiß ich jetzt so nicht, aber eScan zeigt ja nun mal folgendes an:

1: Fri Sep 09 19:44:12 2005 => System found infected with FlashGet Spyware/Adware ({a5366673-e8ca-11d3-9cd9-0090271d075b})! Action taken: No Action Taken.
2: Fri Sep 09 19:44:12 2005 => System found infected with FlashGet Spyware/Adware ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken.
__________
Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren.
Der Grabsteinschubser

#13 auch fixen

O2 - BHO: Class - {5C234103-94D8-FE86-BF5F-D52FD6347B89} - C:\WINDOWS\system32\addlh32.dll


•Download Registry Search Tool : http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip

Doppelklick:regsrch.vbs

reinkopieren:

11Fßä#·ºÄÖ`I

Press 'OK'
warten, bis die Suche beendet ist. (Ergebnis bitte posten)
__________
MfG Sabina

rund um die PC-Sicherheit

#14 entschuldigung, wo soll ich das reinkopieren?

#15 Doppelklick:regsrch.vbs --> es oeffnet sich das Tool, dort kopierst du es rein und laesst scannen
__________
MfG Sabina

rund um die PC-Sicherheit