Pests of all kinds and how to fight them: Virus :((( Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
11.05.2011, 17:11 | #1 |
| Virus :((( Hi, about 2 weeks ago I caught a nasty virus. At first, random websites "only" opened automatically, and whenever I wanted to shut down the PC I got a bluescreen every time (INTERNAL_POWER_ERROR), so I had to pull the plug every time. But when I booted the PC the day before yesterday, I could still log in, but after that the screen was black and nothing happened. I can still start most programs via the Task Manager (Firefox, Skype, ...), but the taskbar, desktop etc. just aren't there. On top of that I get a bluescreen about every 20 minutes :/ I can't reinstall Windows either, because I saved the Windows installation folders on the PC. I have Windows 7 Ultimate and did regular virus scans and updates (free Avira); after I downloaded the virus, Avira reported detections about every 10-20 minutes, which I then always moved to quarantine. Unfortunately I can't say exactly what kind of virus it is. I would be very grateful for tips! |
11.05.2011, 17:17 | #2 | |
/// Selecta Jahrusso | Virus :((( You are in the wrong section here, but I will quickly help you so that you can post the required log files. 1. Are you online here with this PC? 2. Quote:
Please report back
__________________ |
11.05.2011, 17:24 | #3 |
| Virus :((( THANKS for the tip! explorer.exe and everything was back
__________________ What do I do now? Is it best to reinstall Windows? |
11.05.2011, 17:30 | #4 | |
/// Selecta Jahrusso | Virus :((( Quote:
Your decision. Whichever you decide on, I would like to take a look at something. Press the Windows + R keys and copy the following text into the line:
reg export "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" "%userprofile%\desktop\logon.txt"
Click OK. Then please post the contents of logon.txt here.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
11.05.2011, 17:32 | #5 |
| Virus :(((
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"="1"
"Shell"="explorer.exe"
"PreCreateKnownFolders"="{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
"Userinit"="C:\\Windows\\system32\\userinit.exe"
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"AutoRestartShell"=dword:00000001
"Background"="0 0 0"
"CachedLogonsCount"="10"
"DebugServerCommand"="no"
"ForceUnlockLogon"=dword:00000000
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PasswordExpiryWarning"=dword:00000005
"PowerdownAfterShutdown"="0"
"ShutdownWithoutLogon"="0"
"WinStationsDisabled"="0"
"DisableCAD"=dword:00000001
"scremoveoption"="0"
"ShutdownFlags"=dword:0000002b
|
11.05.2011, 17:36 | #6 |
/// Selecta Jahrusso | Virus :((( What I wanted to see is OK. Do you want to format or clean up? It remains your decision. If you decide on a cleanup, please read and work through the following: http://www.trojaner-board.de/69886-a...beachten.html Create your own thread in this forum: http://www.trojaner-board.de/plagege...n-bekaempfung/
__________________ --> Virus :((( |
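An added example, not part of the thread: the helper does not say which values he looked at in logon.txt. This Python code assumes the check concerns `Shell` and `Userinit`, the two Winlogon values that name the programs started at logon, and uses the values from the export posted above as the baseline. Both sample exports are constructed, and the path `C:\Users\Public\unexpected.exe` is a placeholder.

```python
import re

# Key written by the thread's `reg export` command, lower-cased for comparison.
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

# Assumed baseline: the values shown in the export posted in this thread.
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')
HEX_RE = re.compile(r"^hex(?:\((\w+)\))?:(.*)$")


def decode_export(raw: bytes) -> str:
    """reg.exe writes UTF-16 with a BOM; copies pasted into a forum are UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def convert(data: str):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if data.startswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])   # undo \\ and \" escapes
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = HEX_RE.match(data)
    if not m:
        return data
    blob = bytes.fromhex(m.group(2).replace(",", ""))
    if m.group(1) in ("1", "2"):      # REG_SZ / REG_EXPAND_SZ stored as UTF-16LE
        return blob.decode("utf-16-le", errors="replace").rstrip("\0")
    if m.group(1) == "7":             # REG_MULTI_SZ
        text = blob.decode("utf-16-le", errors="replace")
        return [s for s in text.split("\0") if s]
    return blob


def parse_reg(text: str) -> dict:
    """Parse .reg text into {key: {value_name: value}} with lower-cased names."""
    keys, current, pending = {}, None, ""
    for line in text.splitlines():
        line = line.strip()
        # hex values wrap across lines with a trailing backslash
        if line.endswith("\\") and (pending or "=hex" in line):
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[(m.group(1) or "@").lower()] = convert(m.group(2))
    return keys


def check_export(raw: bytes) -> list:
    """Return (value_name, unexpected_entries) for Shell/Userinit deviations."""
    values = parse_reg(decode_export(raw)).get(WINLOGON, {})
    findings = []
    for name, allowed in EXPECTED.items():
        if name not in values:
            findings.append((name, ["<missing>"]))
            continue
        # Both values accept a comma-separated list; every entry is launched.
        entries = [e.strip().lower() for e in str(values[name]).split(",") if e.strip()]
        extra = [e for e in entries if e not in allowed]
        if extra or not entries:
            findings.append((name, extra or ["<empty>"]))
    return findings


# --- constructed sample exports (not taken from any real machine) ---
HEADER = r"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]"

CLEAN_EXPORT = "\r\n".join([
    "Windows Registry Editor Version 5.00", "", HEADER,
    '"Shell"="explorer.exe"',
    r'"Userinit"="C:\\Windows\\system32\\userinit.exe"',
]).encode("utf-16")


def hex2(text: str) -> str:
    """Encode text the way reg.exe exports a REG_EXPAND_SZ value."""
    return "hex(2):" + ",".join(f"{b:02x}" for b in (text + "\0").encode("utf-16-le"))


shell_hex = hex2("explorer.exe,unexpected.exe")
TAMPERED_EXPORT = "\r\n".join([
    "Windows Registry Editor Version 5.00", "", HEADER,
    '"Shell"=' + shell_hex[:40] + "\\",      # wrapped like a real export
    "  " + shell_hex[40:],
    r'"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\unexpected.exe"',
    '"AutoRestartShell"=dword:00000001',
]).encode("utf-16")

if __name__ == "__main__":
    print("clean:   ", check_export(CLEAN_EXPORT))
    print("tampered:", check_export(TAMPERED_EXPORT))
```

The hex(2) case matters because a value stored as REG_EXPAND_SZ never appears as readable text in the export, so a plain text search for `"Shell"="explorer.exe"` would not show what it contains.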
11.05.2011, 17:39 | #7 |
| Virus :((( Phew, it is pretty long, uploading it here would take forever |
11.05.2011, 17:56 | #8 |
/// Selecta Jahrusso | Virus :(((
__________________ |
11.05.2011, 17:56 | #9 |
| Virus :((( The text is pretty long, it would take a while to upload it here |
11.05.2011, 17:57 | #10 |
| Virus :((( Damn, sorry |