Home » Viren, Trojaner & Malware Forum » Hartnäckiges Virenproblem (Ad.Clicker?) » Themenansicht

Hartnäckiges Virenproblem (Ad.Clicker?)
#0
08.07.2006, 13:21
joshi
Member

Themenstarter

Beiträge: 14
#16

Zitat

Sabina postete
- POST_THIS.TXT abkopieren
The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows 2000 Professional
Version: 5.0.2195 Service Pack 4
Jul 8, 2006 13:21:12


---> Begin Service Listing <---

Unknown Service # 1
Service Name: F-Prot Antivirus Update Monitor
Display Name: F-Prot Antivirus Update Monitor
Start Mode: Auto
Start Name: LocalSystem
Description: F-Prot Antivirus Update ...
Service Type: Own Process
Path: "c:\programme\f-prot\fpavupdm.exe"
State: Running
Process ID: 608
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 2
Service Name: IDriverT
Display Name: InstallDriver Table Manager
Start Mode: Manual
Start Name: LocalSystem
Description: InstallDriver Table ...
Service Type: Own Process
Path: c:\programme\gemeinsame dateien\installshield\driver\11\intel 32\idrivert.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 3
Service Name: iPodService
Display Name: iPodService
Start Mode: Manual
Start Name: LocalSystem
Description: iPodService...
Service Type: Own Process
Path: c:\programme\ipod\bin\ipodservice.exe
State: Running
Process ID: 1424
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 4
Service Name: KPF4
Display Name: Kerio Personal Firewall 4
Start Mode: Auto
Start Name: LocalSystem
Description: Kerio Personal Firewall ...
Service Type: Own Process
Path: c:\programme\kerio\personal firewall 4\kpf4ss.exe
State: Running
Process ID: 628
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 5
Service Name: MDM
Display Name: Machine Debug Manager
Start Mode: Auto
Start Name: LocalSystem
Description: Machine Debug ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\microsoft shared\vs7debug\mdm.exe"
State: Running
Process ID: 664
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 6
Service Name: MWAgent
Display Name: MWAgent
Start Mode: Auto
Start Name: LocalSystem
Description: MWAgent...
Service Type: Own Process
Path: c:\programme\gemeinsame dateien\microworld\agent\mwaser.exe
State: Running
Process ID: 684
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 7
Service Name: O&O Defrag
Display Name: O&O Defrag
Start Mode: Disabled
Start Name: LocalSystem
Description: O&O ...
Service Type: Own Process
Path: c:\winnt\system32\oodag.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 8
Service Name: ose
Display Name: Office Source Engine
Start Mode: Manual
Start Name: LocalSystem
Description: Office Source ...
Service Type: Own Process
Path: c:\programme\gemeinsame dateien\microsoft shared\source engine\ose.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 9
Service Name: V2i Protector
Display Name: V2i Protector
Start Mode: Disabled
Start Name: LocalSystem
Description: V2i ...
Service Type: Own Process
Path: c:\programme\drive image 7.0\agent\pqv2isvc.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

---> End Service Listing <---

There are 66 Win32 services on this machine.
9 were unrecognized.

Script Execution Time: 1,203125 seconds.
Seitenanfang Seitenende
08.07.2006, 13:24
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#17 F-Secure Online Scanner Next Generation Beta
http://support.f-secure.com/enu/home/ols3.shtml

1. Klicke den Link: "F-Secure Online Scanner Next Generation Beta".
2. Du wirst aufgefordert werden, ein ActiveX-Control zu installieren
3. Installiere diese ActiveX-Komponente
4. Lies die Anleitung und klicke: "Accept"
5. Klicke "Full System Scan"
6. klicke "Show report" - kopiere den Scanreport

+
poste das log
http://virus-protect.org/registry_stuff.html

----------

ist fuer mich:
http://www.sophos.de/security/analyses/w32rbotaum.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
08.07.2006, 14:07
joshi
Member

Themenstarter

Beiträge: 14
#18 Mittlerweile ist die Zeile

Zitat

O17 - HKLM\System\CCS\Services\Tcpip\..\{F0E0C12C-0CA3-4662-899E-81EA48415601}: NameServer = 85.255.115.93 85.255.112.14
wieder in HijackThis aufgetaucht ;)

Zitat

Sabina postete
F-Secure Online Scanner Next Generation Beta
klicke "Show report" - kopiere den Scanreport
Scanning Report
Saturday, July 08, 2006 13:34:59 - 14:06:30
Computer name: GANDALF
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\ F:\ G:\ H:\


--------------------------------------------------------------------------------

Result: 5 malware found
Alexa (spyware)
System (Disinfected)
Tracking Cookie (spyware)
System (Disinfected)
System
System
Trojan.Win32.DNSChanger.ef (virus)
C:\WINNT\SYSTEM32\ULDWF.EXE (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 24123
System: 4332
Not scanned: 5
Actions:
Disinfected: 2
Renamed: 1
Deleted: 0
None: 2
Submitted: 1
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINNT\SYSTEM32\DRIVERS\DTSCSI.SYS
C:\WINNT\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINNT\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-07-07
F-Secure Libra: 2.4.1, 2006-07-04
F-Secure Orion: 1.2.37, 2006-07-06
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-06-05
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics
--------------------------------------------------------------------------------


Zitat

Sabina postete
poste das log
http://virus-protect.org/registry_stuff.html
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Type"=dword:00000120
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Gemeinsame Nutzung der Internetverbindung"
"DependOnService"=hex(7):52,61,73,4d,61,6e,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Bietet allen Computern über eine DFÜ-Verbindung Netzwerkadressübersetzungs- und Namensauflösungsdienste auf Ihrem Netzwerk."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00
"SharedAutoDial"=dword:00000000
"SharedConnection"=hex:20,04,00,00,00,00,00,00,18,04,00,00,43,00,6f,00,6e,00,\
6e,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,74,00,6f,00,20,00,48,00,4e,\
00,2d,00,58,00,44,00,53,00,4c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,01,00,00,00,43,00,3a,00,5c,00,44,00,6f,00,6b,\
00,75,00,6d,00,65,00,6e,00,74,00,65,00,20,00,75,00,6e,00,64,00,20,00,45,00,\
69,00,6e,00,73,00,74,00,65,00,6c,00,6c,00,75,00,6e,00,67,00,65,00,6e,00,5c,\
00,41,00,6c,00,6c,00,20,00,55,00,73,00,65,00,72,00,73,00,5c,00,41,00,6e,00,\
77,00,65,00,6e,00,64,00,75,00,6e,00,67,00,73,00,64,00,61,00,74,00,65,00,6e,\
00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,4e,00,\
65,00,74,00,77,00,6f,00,72,00,6b,00,5c,00,43,00,6f,00,6e,00,6e,00,65,00,63,\
00,74,00,69,00,6f,00,6e,00,73,00,5c,00,50,00,62,00,6b,00,5c,00,72,00,61,00,\
73,00,70,00,68,00,6f,00,6e,00,65,00,2e,00,70,00,62,00,6b,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00
"BackupIPAddress"=hex(7):31,39,32,2e,31,36,38,2e,30,2e,32,34,00,00
"BackupSubnetMask"=hex(7):32,35,35,2e,32,35,35,2e,32,35,35,2e,30,00,00
"BackupDefaultGateway"=hex(7):00
"BackupEnableDHCP"=dword:00000000
"SharedPrivateLan"="{bfcabc1a-8a5c-41f4-9c3e-e8e73d56c39e}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,70,00,04,00,00,00,00,00,18,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,20,02,00,00,00,00,1c,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,98,3a,00,00,00,00,18,00,8d,01,02,00,01,01,00,00,00,\
00,00,05,0b,00,00,00,20,02,00,00,00,00,1c,00,fd,01,02,00,01,02,00,00,00,00,\
00,05,20,00,00,00,23,02,00,00,98,3a,00,00,01,01,00,00,00,00,00,05,12,00,00,\
00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\
4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,45,50,4d,41,50,50,45,52,00,\
4c,4f,43,41,54,4f,52,00,54,72,6b,57,6b,73,00,54,72,6b,53,76,72,00,00
"NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00,00
"Lmannounce"=dword:00000000
"Size"=dword:00000001
"Guid"=hex:72,3a,d9,49,f7,5e,5e,42,a3,ac,6b,21,df,58,5f,c3
"RestrictNullSessAccess"=dword:00000000


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"OtherDomains"=hex(7):00


[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"Microsoft sddcE Contol"="taskmnegr.exe"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,65,72,76,69,63,65,73,2e,65,78,65,00
"DisplayName"="Nachrichtendienst"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
4e,65,74,42,49,4f,53,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Sendet und empfängt Nachrichten, die von Administratoren oder vom Warndienst übertragen wurden."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum]
"0"="Root\\LEGACY_MESSENGER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Description"="Ermöglicht die Bearbeitung der Registrierung über das Netzwerk."
"DisplayName"="Remote-Registrierungsdienst"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,72,65,67,73,76,63,2e,65,78,65,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000010
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,e0,ad,08,\
00,01,00,00,00,e8,03,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum]
"0"="Root\\LEGACY_REMOTEREGISTRY\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"DependOnService"=hex(7):52,70,63,53,73,00,54,63,70,49,70,00,00
"Description"="Ermöglicht es einem Remotebenutzer, sich am System anzumelden und Konsolenprogramme unter der Verwendung der Befehlszeile auszuführen."
"DisplayName"="Telnet"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,74,6c,6e,74,73,76,72,2e,65,78,65,00
"ObjectName"="LocalSystem"
"Start"=dword:00000003
"Type"=dword:00000010


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"="Y"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,00
"LsaPid"=dword:00000170
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"fullprivilegeauditing"=hex:00
"lmcompatibilitylevel"=dword:00000000
"restrictanonymous"=dword:00000000
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:5f,e2,71,c2,87,4e,ad,f8,99,a4,28,3d,8c,1b,cf,05,37,64,62,65,30,\
31,63,65,00,fd,06,00,01,00,00,00,a8,00,00,00,b4,00,00,00,54,fa,06,00,7d,3e,\
5e,76,04,00,00,00,b0,fd,06,00,a8,fd,06,00,a6,5c,85,8e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:04,fc,ae,2d,38,17,6f,34,e9

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:0c,55,26,ed,55,db

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"Auth132"="IISSUBA"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:bd,ed,a1,35,24,94,6f,77,9b,d5,69,e5,0b,44,7f,45

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:3a,88,25,e9,4f,c9,c3,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,f6,c4,9b,36,4f,c2,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,a0,8b,15,06,43,bf,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,a0,8b,15,06,43,bf,01
"Type"=dword:00000031
Dieser Beitrag wurde am 08.07.2006 um 14:13 Uhr von joshi editiert.
Seitenanfang Seitenende
08.07.2006, 16:10
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#19 1.
gehe in die Registry
Start -Ausfuehren - regedit
bearbeiten - suchen - taskmnegr

[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"Microsoft sddcE Contol"="taskmnegr.exe"<--loeschen

2.
Fixe den 017-Eintrag im HijackThis

O17 - HKLM\System\CCS\Services\Tcpip\..\{F0E0C12C-0CA3-4662-899E-81EA48415601}: NameServer = 85.255.115.93 85.255.112.14

3.
PC neustarten

4.
Um die Diensteverwaltung explizit aufzurufen, gebe ein unter
Start - Ausführen: services.msc
Nun werden alle laufenden Dienste angezeigt.

Remote-Registrierung
Ermöglicht Remotebenutzern, Registrierungseinstellungen dieses Computers zu verändern. Wenn dieser Dienst beendet wird, kann die Registrierung nur von lokalen Benutzern dieses Computers verändert werden. Wenn dieser Dienst deaktiviert wird, werden alle von diesem Dienst explizit abhängigen Dienste nicht gestartet werden können.
Starttyp-Empfehlung: Deaktiviert (aus Sicherheitsgründen)

Nachrichtendienst
Überträgt NET SEND- und Warndienstnachrichten zwischen Clients und Servern. Dieser Dienst ist nicht mit Windows Messenger verwandt. Der Warndienst überträgt keine Nachrichten, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden.
Der Dienst kann und sollte aufgrund fortgesetzten Missbrauchs deaktiviert werden.

Telnet
Ermöglicht einem Remotebenutzer, sich an diesem Computer anzumelden und Programme auszuführen. Unterstützt verschiedene TCP/IP-Telnetclients, einschließlich UNIX-basierten und Windows-basierten Computern. Wenn dieser Dienst angehalten wird, ist der Remotezugriff möglicherweise nicht mehr verfügbar. Wenn dieser Dienst deaktiviert wird, können alle Dienste, die explizit von diesem Dienst abhängen, nicht mehr gestartet werden.
Starttyp-Empfehlung: Deaktiviert (aus Sicherheitsgründen)


-----------------------------------------------------------------------------
5..
noch mal:
FixWareout
Fixwareout.exe --> next --> Install --> Run fixit --> Finish / der PC wird neustarten --> C:\fixwareout\report.txt -> hier posten
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
08.07.2006, 17:04
joshi
Member

Themenstarter

Beiträge: 14
#20 Huhu Sabina,

ich habe alle Punkte gemacht, wie Du geschrieben hast. Die Zeile 17 taucht im HijackThis aber nach jedem Neuboot wieder neu auf. Fixwareout hat folgendes Log produziert:


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
...

Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects
Directory of C:\WINNT\system32




Hier nochmal ein aktueller HijackThis Report:

Logfile of HijackThis v1.99.1
Scan saved at 17:03:57, on 08.07.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programme\F-Prot\fpavupdm.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\EDITPL~1\EDITPLUS.EXE
C:\Programme\F-Prot\F-StopW.EXE
C:\WINNT\system32\sstray.exe
C:\Programme\ASUS Probe\AsusProb.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\MOUSEI~1\MIProHst.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\internat.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Nebula\DigiTV\DigiTV.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
C:\Dokumente und Einstellungen\marcbaxxter\Desktop\Virenentfernung\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NVCLOCK] Rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [F-StopW] C:\Programme\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] C:\Programme\ASUS Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MImpPro] C:\PROGRA~1\MOUSEI~1\MIProHst.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: DigiTV.lnk = C:\Programme\Nebula\DigiTV\DigiTV.exe
O8 - Extra context menu item: Im Standard-Aggregator abonnieren - C:\Dokumente und Einstellungen\marcbaxxter\Anwendungsdaten\RssBandit\iecontext_subscribefeed.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0E0C12C-0CA3-4662-899E-81EA48415601}: NameServer = 85.255.115.93 85.255.112.14
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programme\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
Seitenanfang Seitenende
08.07.2006, 17:07
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#21 scanne mit ewido (im abgesicherten modus und poste den report)
http://virus-protect.org/ewido.html

auch im abgesicherten modus fixe den 017-Eintrag und starte den rechner neu.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
08.07.2006, 17:50
joshi
Member

Themenstarter

Beiträge: 14
#22 Huhu,

ich konnte ewido leider nicht im abgesicherten modus starten. Nach dem Starten kam nach ca. 1 Minute eine MessageBox mit dem Text "something bad happened to ewido" und dann ging es nicht weiter. Ich habe ewido im "normalen" Windowsmodus laufen lassen, das ging.

Den 017 Eintrag habe ich im abgesicherten Modus gefixed. NAch dem booten habe ich HijackThis mehrfach ausgeführt. Der Eintrag kommt genau in dem Moment wieder, in dem ich mich ins Internet einwähle, vorher nicht.

Gibt es noch eine Möglichkeit, ewido im abgesicherten Modus zu starten? Hier das log aus dem normalen Windows-Modus:

---------------------------------------------------------
ewido anti-spyware - Scan-Bericht
---------------------------------------------------------

+ Erstellt um: 17:44:57 08.07.2006

+ Scan-Ergebnis:



C:\Dokumente und Einstellungen\marcbaxxter\Cookies\marcbaxxter@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Keine Aktion durchgeführt.


::Berichtende
Seitenanfang Seitenende
08.07.2006, 18:22
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#23 die internetverbindung wird umgeleitet (auf einen Server in der Ukraine)
der fakt, dass sie immer wieder kommt: es gibt noch dateien, zu denen die Malware kontakt hat, sonst wuerde es nicht geschehen, aber ich finde die Dateien nicht (f-secure hat noch eine gefunden)
Trojan.Win32.DNSChanger.ef (virus)
C:\WINNT\SYSTEM32\ULDWF.EXE (Renamed & Submitted)


kopiere in Registry Search

{F0E0C12C-0CA3-4662-899E-81EA48415601}
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
08.07.2006, 18:32
joshi
Member

Themenstarter

Beiträge: 14
#24 Huhu Sabina,

mh, das ist ja echt wie verhext, sieht dann wohl doch nach Neuinstallation aus, wenn ich Dich richtig verstehe?

Zitat

Sabina postete
kopiere in Registry Search
{F0E0C12C-0CA3-4662-899E-81EA48415601}
Hier das Ergebnis:

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 08.07.2006 18:31:29 for strings:
; '{f0e0c12c-0ca3-4662-899e-81ea48415601}'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters]
; Contents of value:
;  ݯd+ ݯd, ݯd ݯd
"{F0E0C12C-0CA3-4662-899E-81EA48415601}"=hex:0f,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,06,dd,af,44,2b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
06,dd,af,44,2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,06,dd,af,44,06,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,06,dd,af,44

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\Linkage]
; Contents of value:
; \Device\NetbiosSmb
; \Device\NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,\
65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,45,33,44,33,38,44,\
46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,\
32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,\
70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,\
45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,4e,\
65,74,42,54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,\
2d,34,37,36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,\
5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,\
42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,\
46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,\
70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,44,37,2d,42,\
43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,76,69,63,65,\
5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,\
41,33,2d,34,36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,\
7d,00,00
; Contents of value:
; \Device\LanmanServer_NetbiosSmb
; \Device\LanmanServer_NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3} \Device\LanmanServer_NetBT_Tcpip
; \Device\LanmanServer_NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\LanmanServer_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\LanmanServer_NetBT_Tcpip
; \Device\LanmanServer_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\LanmanServer_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\LanmanServer_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanServer_NetBT_Tcpip
; \Device\LanmanServer_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\LanmanServer_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanServer_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\LanmanServer_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanServer_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\LanmanServer_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,\
4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,\
53,65,72,76,65,72,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,45,33,44,33,38,\
44,46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,\
38,32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,\
76,65,72,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,42,46,43,41,42,43,31,41,\
2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,45,2d,45,38,45,37,33,44,35,36,43,\
33,39,45,7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,\
5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,\
34,37,2d,34,37,36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,\
7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,\
34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,\
44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,74,42,54,\
5f,54,63,70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,44,\
37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,76,\
69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,74,42,54,5f,54,63,\
70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,36,36,32,2d,38,\
39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Linkage]
; Contents of value:
; \Device\NetbiosSmb
; \Device\NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,\
65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,45,33,44,33,38,44,\
46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,\
32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,\
70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,\
45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,4e,\
65,74,42,54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,\
2d,34,37,36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,\
5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,\
42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,\
46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,\
70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,44,37,2d,42,\
43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,76,69,63,65,\
5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,\
41,33,2d,34,36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,\
7d,00,00
; Contents of value:
; \Device\LanmanWorkstation_NetbiosSmb
; \Device\LanmanWorkstation_NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3} \Device\LanmanWorkstation_NetBT_Tcpip
; \Device\LanmanWorkstation_NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\LanmanWorkstation_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\LanmanWorkstation_NetBT_Tcpip
; \Device\LanmanWorkstation_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\LanmanWorkstation_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\LanmanWorkstation_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanWorkstation_NetBT_Tcpip
; \Device\LanmanWorkstation_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\LanmanWorkstation_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanWorkstation_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\LanmanWorkstation_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanWorkstation_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\LanmanWorkstation_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,\
74,69,6f,6e,5f,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,65,76,69,63,65,5c,4c,\
61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,54,5f,54,63,\
70,69,70,5f,7b,45,33,44,33,38,44,46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,\
42,43,30,2d,41,41,45,46,43,38,38,32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,\
5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,54,5f,\
54,63,70,69,70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,\
2d,39,43,33,45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,\
63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,\
54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,\
36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,\
76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,\
34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,\
44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,\
4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,\
35,2d,34,35,44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,\
00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,\
6e,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,\
43,41,33,2d,34,36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,\
31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS\Linkage]
; Contents of value:
; \Device\NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83}
; \Device\NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83} \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7}
; \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,\
45,33,44,33,38,44,46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,\
41,45,46,43,38,38,32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,\
54,5f,54,63,70,69,70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,\
46,34,2d,39,43,33,45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,\
76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,31,32,36,34,31,36,\
39,2d,43,32,35,30,2d,34,36,37,33,2d,41,44,35,45,2d,44,31,35,42,37,38,43,42,\
35,41,38,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,\
5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,36,33,2d,38,36,43,31,\
2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,\
34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,\
44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,41,41,35,35,\
30,33,42,2d,41,39,35,35,2d,34,35,44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,\
44,35,46,43,35,30,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,\
69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,36,36,32,2d,38,39,\
39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00
; Contents of value:
; \Device\NetBIOS_NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\NetBIOS_NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBIOS_NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83}
; \Device\NetBIOS_NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83} \Device\NetBIOS_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBIOS_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7}
; \Device\NetBIOS_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBIOS_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBIOS_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBIOS_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBIOS_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBIOS_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBIOS_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBIOS_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBIOS_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBIOS_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,54,\
5f,54,63,70,69,70,5f,7b,45,33,44,33,38,44,46,39,2d,31,31,36,35,2d,34,39,39,\
46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,32,46,45,41,33,7d,00,5c,44,65,76,\
69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,\
42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,45,2d,45,\
38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,\
49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,31,32,36,34,31,36,39,\
2d,43,32,35,30,2d,34,36,37,33,2d,41,44,35,45,2d,44,31,35,42,37,38,43,42,35,\
41,38,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,\
54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,\
36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,\
76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,\
7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,38,35,41,39,2d,\
31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,\
42,49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,41,41,35,35,30,33,\
42,2d,41,39,35,35,2d,34,35,44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,\
46,43,35,30,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,\
42,54,5f,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,\
36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Linkage]
; Contents of value:
; \Device\Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83}
; \Device\Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83} \Device\Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7}
; \Device\Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,45,33,44,33,38,44,\
46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,\
32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,42,46,43,\
41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,45,2d,45,38,45,37,\
33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,\
46,31,32,36,34,31,36,39,2d,43,32,35,30,2d,34,36,37,33,2d,41,44,35,45,2d,44,\
31,35,42,37,38,43,42,35,41,38,33,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,\
70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,36,33,2d,38,36,43,\
31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,76,69,63,65,5c,54,\
63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,\
38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,\
65,5c,54,63,70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,\
44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,\
76,69,63,65,5c,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,\
2d,34,36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,\
00
; Contents of value:
; \Device\NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83}
; \Device\NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83} \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7}
; \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,\
45,33,44,33,38,44,46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,\
41,45,46,43,38,38,32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,\
54,5f,54,63,70,69,70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,\
46,34,2d,39,43,33,45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,\
76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,31,32,36,34,31,36,\
39,2d,43,32,35,30,2d,34,36,37,33,2d,41,44,35,45,2d,44,31,35,42,37,38,43,42,\
35,41,38,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,\
5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,36,33,2d,38,36,43,31,\
2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,\
34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,\
44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,41,41,35,35,\
30,33,42,2d,41,39,35,35,2d,34,35,44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,\
44,35,46,43,35,30,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,\
69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,36,36,32,2d,38,39,\
39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage]
; Contents of value:
; \Device\Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33}
; \Device\Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50}
; \Device\Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,45,33,44,33,38,44,\
46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,\
32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,42,46,43,\
41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,45,2d,45,38,45,37,\
33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,\
30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,36,33,2d,38,36,43,31,2d,34,\
33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,\
70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,38,35,41,\
39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,65,5c,54,\
63,70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,44,37,2d,\
42,43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,76,69,63,\
65,5c,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,36,\
36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\NdisWanIp]
; Contents of value:
; Tcpip\Parameters\Interfaces\{0F05921B-FD47-4763-86C1-43213A222E33}
; Tcpip\Parameters\Interfaces\{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} Tcpip\Parameters\Interfaces\{FAA5503B-A955-45D7-BC3B-6DE590D5FC50}
; Tcpip\Parameters\Interfaces\{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} Tcpip\Parameters\Interfaces\{F0E0C12C-0CA3-4662-899E-81EA48415601}
; Tcpip\Parameters\Interfaces\{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,\
65,72,66,61,63,65,73,5c,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,\
36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,54,63,70,\
69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,\
7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,38,35,41,39,2d,\
31,31,41,37,43,46,33,42,46,31,41,37,7d,00,54,63,70,69,70,5c,50,61,72,61,6d,\
65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,7b,46,41,41,35,35,30,33,\
42,2d,41,39,35,35,2d,34,35,44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,\
46,43,35,30,7d,00,54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,\
74,65,72,66,61,63,65,73,5c,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,\
36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F0E0C12C-0CA3-4662-899E-81EA48415601}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Dhcp\Parameters]
; Contents of value:
;  ŠÓ¯d+ ŠÓ¯d, ŠÓ¯d ŠÓ¯d
"{F0E0C12C-0CA3-4662-899E-81EA48415601}"=hex:0f,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,8a,d3,af,44,2b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
8a,d3,af,44,2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,8a,d3,af,44,06,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,8a,d3,af,44

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\Linkage]
; Contents of value:
; \Device\NetbiosSmb
; \Device\NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,\
65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,45,33,44,33,38,44,\
46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,\
32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,\
70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,\
45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,4e,\
65,74,42,54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,\
2d,34,37,36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,\
5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,\
42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,\
46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,\
70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,44,37,2d,42,\
43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,76,69,63,65,\
5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,\
41,33,2d,34,36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,\
7d,00,00
; Contents of value:
; \Device\LanmanServer_NetbiosSmb
; \Device\LanmanServer_NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3} \Device\LanmanServer_NetBT_Tcpip
; \Device\LanmanServer_NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\LanmanServer_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\LanmanServer_NetBT_Tcpip
; \Device\LanmanServer_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\LanmanServer_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\LanmanServer_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanServer_NetBT_Tcpip
; \Device\LanmanServer_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\LanmanServer_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanServer_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\LanmanServer_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanServer_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\LanmanServer_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,\
4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,\
53,65,72,76,65,72,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,45,33,44,33,38,\
44,46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,\
38,32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,\
76,65,72,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,42,46,43,41,42,43,31,41,\
2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,45,2d,45,38,45,37,33,44,35,36,43,\
33,39,45,7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,\
5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,\
34,37,2d,34,37,36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,\
7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,\
34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,\
44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,74,42,54,\
5f,54,63,70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,44,\
37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,76,\
69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,74,42,54,5f,54,63,\
70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,36,36,32,2d,38,\
39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanworkstation\Linkage]
; Contents of value:
; \Device\NetbiosSmb
; \Device\NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,\
65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,45,33,44,33,38,44,\
46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,\
32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,\
70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,\
45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,4e,\
65,74,42,54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,\
2d,34,37,36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,\
5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,\
42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,\
46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,\
70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,44,37,2d,42,\
43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,76,69,63,65,\
5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,\
41,33,2d,34,36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,\
7d,00,00
; Contents of value:
; \Device\LanmanWorkstation_NetbiosSmb
; \Device\LanmanWorkstation_NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3} \Device\LanmanWorkstation_NetBT_Tcpip
; \Device\LanmanWorkstation_NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\LanmanWorkstation_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\LanmanWorkstation_NetBT_Tcpip
; \Device\LanmanWorkstation_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\LanmanWorkstation_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\LanmanWorkstation_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanWorkstation_NetBT_Tcpip
; \Device\LanmanWorkstation_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\LanmanWorkstation_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanWorkstation_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\LanmanWorkstation_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanWorkstation_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\LanmanWorkstation_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,\
74,69,6f,6e,5f,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,65,76,69,63,65,5c,4c,\
61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,54,5f,54,63,\
70,69,70,5f,7b,45,33,44,33,38,44,46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,\
42,43,30,2d,41,41,45,46,43,38,38,32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,\
5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,54,5f,\
54,63,70,69,70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,\
2d,39,43,33,45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,\
63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,\
54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,\
36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,\
76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,\
34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,\
44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,\
4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,\
35,2d,34,35,44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,\
00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,\
6e,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,\
43,41,33,2d,34,36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,\
31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetBIOS\Linkage]
; Contents of value:
; \Device\NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83}
; \Device\NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83} \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7}
; \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,\
45,33,44,33,38,44,46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,\
41,45,46,43,38,38,32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,\
54,5f,54,63,70,69,70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,\
46,34,2d,39,43,33,45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,\
76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,31,32,36,34,31,36,\
39,2d,43,32,35,30,2d,34,36,37,33,2d,41,44,35,45,2d,44,31,35,42,37,38,43,42,\
35,41,38,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,\
5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,36,33,2d,38,36,43,31,\
2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,\
34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,\
44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,41,41,35,35,\
30,33,42,2d,41,39,35,35,2d,34,35,44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,\
44,35,46,43,35,30,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,\
69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,36,36,32,2d,38,39,\
39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00
; Contents of value:
; \Device\NetBIOS_NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\NetBIOS_NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBIOS_NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83}
; \Device\NetBIOS_NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83} \Device\NetBIOS_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBIOS_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7}
; \Device\NetBIOS_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBIOS_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBIOS_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBIOS_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBIOS_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBIOS_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBIOS_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBIOS_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBIOS_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBIOS_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,54,\
5f,54,63,70,69,70,5f,7b,45,33,44,33,38,44,46,39,2d,31,31,36,35,2d,34,39,39,\
46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,32,46,45,41,33,7d,00,5c,44,65,76,\
69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,\
42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,45,2d,45,\
38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,\
49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,31,32,36,34,31,36,39,\
2d,43,32,35,30,2d,34,36,37,33,2d,41,44,35,45,2d,44,31,35,42,37,38,43,42,35,\
41,38,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,\
54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,\
36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,\
76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,\
7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,38,35,41,39,2d,\
31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,\
42,49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,41,41,35,35,30,33,\
42,2d,41,39,35,35,2d,34,35,44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,\
46,43,35,30,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,\
42,54,5f,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,\
36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetBT\Linkage]
; Contents of value:
; \Device\Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83}
; \Device\Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83} \Device\Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7}
; \Device\Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,45,33,44,33,38,44,\
46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,\
32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,42,46,43,\
41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,45,2d,45,38,45,37,\
33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,\
46,31,32,36,34,31,36,39,2d,43,32,35,30,2d,34,36,37,33,2d,41,44,35,45,2d,44,\
31,35,42,37,38,43,42,35,41,38,33,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,\
70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,36,33,2d,38,36,43,\
31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,76,69,63,65,5c,54,\
63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,\
38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,\
65,5c,54,63,70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,\
44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,\
76,69,63,65,5c,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,\
2d,34,36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,\
00
; Contents of value:
; \Device\NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83}
; \Device\NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83} \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7}
; \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,\
45,33,44,33,38,44,46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,\
41,45,46,43,38,38,32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,\
54,5f,54,63,70,69,70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,\
46,34,2d,39,43,33,45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,\
76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,31,32,36,34,31,36,\
39,2d,43,32,35,30,2d,34,36,37,33,2d,41,44,35,45,2d,44,31,35,42,37,38,43,42,\
35,41,38,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,\
5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,36,33,2d,38,36,43,31,\
2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,\
34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,\
44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,41,41,35,35,\
30,33,42,2d,41,39,35,35,2d,34,35,44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,\
44,35,46,43,35,30,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,\
69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,36,36,32,2d,38,39,\
39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetBT\Parameters\Interfaces\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Linkage]
; Contents of value:
; \Device\Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33}
; \Device\Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50}
; \Device\Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,45,33,44,33,38,44,\
46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,\
32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,42,46,43,\
41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,45,2d,45,38,45,37,\
33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,\
30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,36,33,2d,38,36,43,31,2d,34,\
33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,\
70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,38,35,41,\
39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,65,5c,54,\
63,70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,44,37,2d,\
42,43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,76,69,63,\
65,5c,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,36,\
36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\NdisWanIp]
; Contents of value:
; Tcpip\Parameters\Interfaces\{0F05921B-FD47-4763-86C1-43213A222E33}
; Tcpip\Parameters\Interfaces\{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} Tcpip\Parameters\Interfaces\{FAA5503B-A955-45D7-BC3B-6DE590D5FC50}
; Tcpip\Parameters\Interfaces\{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} Tcpip\Parameters\Interfaces\{F0E0C12C-0CA3-4662-899E-81EA48415601}
; Tcpip\Parameters\Interfaces\{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,\
65,72,66,61,63,65,73,5c,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,\
36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,54,63,70,\
69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,\
7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,38,35,41,39,2d,\
31,31,41,37,43,46,33,42,46,31,41,37,7d,00,54,63,70,69,70,5c,50,61,72,61,6d,\
65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,7b,46,41,41,35,35,30,33,\
42,2d,41,39,35,35,2d,34,35,44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,\
46,43,35,30,7d,00,54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,\
74,65,72,66,61,63,65,73,5c,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,\
36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F0E0C12C-0CA3-4662-899E-81EA48415601}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters]
; Contents of value:
;  ݯd+ ݯd, ݯd ݯd
"{F0E0C12C-0CA3-4662-899E-81EA48415601}"=hex:0f,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,06,dd,af,44,2b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
06,dd,af,44,2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,06,dd,af,44,06,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,06,dd,af,44

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Linkage]
; Contents of value:
; \Device\NetbiosSmb
; \Device\NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,\
65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,45,33,44,33,38,44,\
46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,\
32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,\
70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,\
45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,4e,\
65,74,42,54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,\
2d,34,37,36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,\
5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,\
42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,\
46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,\
70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,44,37,2d,42,\
43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,76,69,63,65,\
5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,\
41,33,2d,34,36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,\
7d,00,00
; Contents of value:
; \Device\LanmanServer_NetbiosSmb
; \Device\LanmanServer_NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3} \Device\LanmanServer_NetBT_Tcpip
; \Device\LanmanServer_NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\LanmanServer_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\LanmanServer_NetBT_Tcpip
; \Device\LanmanServer_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\LanmanServer_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\LanmanServer_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanServer_NetBT_Tcpip
; \Device\LanmanServer_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\LanmanServer_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanServer_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\LanmanServer_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanServer_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\LanmanServer_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,\
4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,\
53,65,72,76,65,72,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,45,33,44,33,38,\
44,46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,\
38,32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,\
76,65,72,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,42,46,43,41,42,43,31,41,\
2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,45,2d,45,38,45,37,33,44,35,36,43,\
33,39,45,7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,\
5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,\
34,37,2d,34,37,36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,\
7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,\
34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,\
44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,74,42,54,\
5f,54,63,70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,44,\
37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,76,\
69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,74,42,54,5f,54,63,\
70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,36,36,32,2d,38,\
39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Linkage]
; Contents of value:
; \Device\NetbiosSmb
; \Device\NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip
; \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,\
65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,45,33,44,33,38,44,\
46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,\
32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,\
70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,\
45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,4e,\
65,74,42,54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,\
2d,34,37,36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,\
5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,\
42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,\
46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,\
70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,44,37,2d,42,\
43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,76,69,63,65,\
5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,\
41,33,2d,34,36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,\
7d,00,00
; Contents of value:
; \Device\LanmanWorkstation_NetbiosSmb
; \Device\LanmanWorkstation_NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3} \Device\LanmanWorkstation_NetBT_Tcpip
; \Device\LanmanWorkstation_NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\LanmanWorkstation_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\LanmanWorkstation_NetBT_Tcpip
; \Device\LanmanWorkstation_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\LanmanWorkstation_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\LanmanWorkstation_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanWorkstation_NetBT_Tcpip
; \Device\LanmanWorkstation_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\LanmanWorkstation_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanWorkstation_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\LanmanWorkstation_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\LanmanWorkstation_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\LanmanWorkstation_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,\
74,69,6f,6e,5f,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,65,76,69,63,65,5c,4c,\
61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,54,5f,54,63,\
70,69,70,5f,7b,45,33,44,33,38,44,46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,\
42,43,30,2d,41,41,45,46,43,38,38,32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,\
5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,54,5f,\
54,63,70,69,70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,\
2d,39,43,33,45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,\
63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,\
54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,\
36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,\
76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,\
34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,\
44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,\
4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,\
35,2d,34,35,44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,\
00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,\
6e,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,\
43,41,33,2d,34,36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,\
31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage]
; Contents of value:
; \Device\NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83}
; \Device\NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83} \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7}
; \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,\
45,33,44,33,38,44,46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,\
41,45,46,43,38,38,32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,\
54,5f,54,63,70,69,70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,\
46,34,2d,39,43,33,45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,\
76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,31,32,36,34,31,36,\
39,2d,43,32,35,30,2d,34,36,37,33,2d,41,44,35,45,2d,44,31,35,42,37,38,43,42,\
35,41,38,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,\
5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,36,33,2d,38,36,43,31,\
2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,\
34,42,39,42,2d,38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,\
44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,41,41,35,35,\
30,33,42,2d,41,39,35,35,2d,34,35,44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,\
44,35,46,43,35,30,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,\
69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,36,36,32,2d,38,39,\
39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00
; Contents of value:
; \Device\NetBIOS_NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\NetBIOS_NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBIOS_NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83}
; \Device\NetBIOS_NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83} \Device\NetBIOS_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBIOS_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7}
; \Device\NetBIOS_NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBIOS_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBIOS_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBIOS_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBIOS_NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBIOS_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBIOS_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBIOS_NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBIOS_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBIOS_NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,54,\
5f,54,63,70,69,70,5f,7b,45,33,44,33,38,44,46,39,2d,31,31,36,35,2d,34,39,39,\
46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,32,46,45,41,33,7d,00,5c,44,65,76,\
69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,\
42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,45,2d,45,\
38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,\
49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,31,32,36,34,31,36,39,\
2d,43,32,35,30,2d,34,36,37,33,2d,41,44,35,45,2d,44,31,35,42,37,38,43,42,35,\
41,38,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,\
54,5f,54,63,70,69,70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,\
36,33,2d,38,36,43,31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,\
76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,\
7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,38,35,41,39,2d,\
31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,\
42,49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,41,41,35,35,30,33,\
42,2d,41,39,35,35,2d,34,35,44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,\
46,43,35,30,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,\
42,54,5f,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,2d,34,\
36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Linkage]
; Contents of value:
; \Device\Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83}
; \Device\Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83} \Device\Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7}
; \Device\Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,45,33,44,33,38,44,\
46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,41,45,46,43,38,38,\
32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,42,46,43,\
41,42,43,31,41,2d,38,41,35,43,2d,34,31,46,34,2d,39,43,33,45,2d,45,38,45,37,\
33,44,35,36,43,33,39,45,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,\
46,31,32,36,34,31,36,39,2d,43,32,35,30,2d,34,36,37,33,2d,41,44,35,45,2d,44,\
31,35,42,37,38,43,42,35,41,38,33,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,\
70,5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,36,33,2d,38,36,43,\
31,2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,76,69,63,65,5c,54,\
63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,2d,34,42,39,42,2d,\
38,35,41,39,2d,31,31,41,37,43,46,33,42,46,31,41,37,7d,00,5c,44,65,76,69,63,\
65,5c,54,63,70,69,70,5f,7b,46,41,41,35,35,30,33,42,2d,41,39,35,35,2d,34,35,\
44,37,2d,42,43,33,42,2d,36,44,45,35,39,30,44,35,46,43,35,30,7d,00,5c,44,65,\
76,69,63,65,5c,54,63,70,69,70,5f,7b,46,30,45,30,43,31,32,43,2d,30,43,41,33,\
2d,34,36,36,32,2d,38,39,39,45,2d,38,31,45,41,34,38,34,31,35,36,30,31,7d,00,\
00
; Contents of value:
; \Device\NetBT_Tcpip_{E3D38DF9-1165-499F-8BC0-AAEFC882FEA3}
; \Device\NetBT_Tcpip_{BFCABC1A-8A5C-41F4-9C3E-E8E73D56C39E} \Device\NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83}
; \Device\NetBT_Tcpip_{F1264169-C250-4673-AD5E-D15B78CB5A83} \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7}
; \Device\NetBT_Tcpip_{0F05921B-FD47-4763-86C1-43213A222E33} \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{C0D7BD3B-5143-4B9B-85A9-11A7CF3BF1A7} \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{FAA5503B-A955-45D7-BC3B-6DE590D5FC50} \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
; \Device\NetBT_Tcpip_{F0E0C12C-0CA3-4662-899E-81EA48415601}
;
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,\
45,33,44,33,38,44,46,39,2d,31,31,36,35,2d,34,39,39,46,2d,38,42,43,30,2d,41,\
41,45,46,43,38,38,32,46,45,41,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,\
54,5f,54,63,70,69,70,5f,7b,42,46,43,41,42,43,31,41,2d,38,41,35,43,2d,34,31,\
46,34,2d,39,43,33,45,2d,45,38,45,37,33,44,35,36,43,33,39,45,7d,00,5c,44,65,\
76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,46,31,32,36,34,31,36,\
39,2d,43,32,35,30,2d,34,36,37,33,2d,41,44,35,45,2d,44,31,35,42,37,38,43,42,\
35,41,38,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,\
5f,7b,30,46,30,35,39,32,31,42,2d,46,44,34,37,2d,34,37,36,33,2d,38,36,43,31,\
2d,34,33,32,31,33,41,32,32,32,45,33,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,43,30,44,37,42,44,33,42,2d,35,31,34,33,
Seitenanfang Seitenende
08.07.2006, 19:34
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#25 **
Start - Ausführen: services.msc

TCP/IP-NetBIOS-Hilfsprogramm
Ermöglicht die Unterstützung vom NetBIOS-über-TCP/IP-Dienst (NetBT) und die NetBIOS-Namensauflösung.

Hinweis: Für die meisten Netzwerkverbindungen nicht erforderlich, und zugleich ein potentielles Sicherheitsproblem. Sollten nach dieser Einstellung Netzwerkprobleme auftauchen, Einstellung zurücksetzen

**
in der Registry
bearbeiten - suchen - {F0E0C12C-0CA3-4662-899E-81EA48415601}

loesche alles raus.

**
PC neustarten, aber vorher auch den 017-Eintrag aus dem HijackThis fixen.

**
neue Internetverbindung erstellen - >manuell mit den Zugangsdaten des Providers herstellen. Bei Netzwerk/Eigenschaften des Internetprotokolls steht denn auch IP und DNS automatisch beziehen.

**
poste das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
09.07.2006, 09:56
joshi
Member

Themenstarter

Beiträge: 14
#26 Guten Morgen,

edit: noch schnell ein NAchtrag, nach den Änderungen scheint es, als würde meine svchost.exe ab und zu abstürzen, zumindest hat sie das in den letzten 20 Minuten schon 2x gemacht.

Zitat

Sabina postete
TCP/IP-NetBIOS-Hilfsprogramm
Hab den Dienst beendet.


Zitat

Sabina postete
in der Registry
bearbeiten - suchen - {F0E0C12C-0CA3-4662-899E-81EA48415601}
loesche alles raus.
Hab ich auch gemacht.


Zitat

Sabina postete
PC neustarten, aber vorher auch den 017-Eintrag aus dem HijackThis fixen.
Der 017-Eintrag war nach dem Löschen in der registry nicht mehr da.

Zitat

Sabina postete
poste das neue Log vom HijackThis
Hier das log, jetzt sieht der 017-Eintrag anders aus:

Logfile of HijackThis v1.99.1
Scan saved at 09:57:01, on 09.07.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\Programme\F-Prot\fpavupdm.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programme\F-Prot\F-StopW.EXE
C:\WINNT\system32\sstray.exe
C:\Programme\ASUS Probe\AsusProb.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\MOUSEI~1\MIProHst.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\internat.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Nebula\DigiTV\DigiTV.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
C:\Dokumente und Einstellungen\marcbaxxter\Desktop\Virenentfernung\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NVCLOCK] Rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [F-StopW] C:\Programme\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ASUS Probe] C:\Programme\ASUS Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MImpPro] C:\PROGRA~1\MOUSEI~1\MIProHst.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: DigiTV.lnk = C:\Programme\Nebula\DigiTV\DigiTV.exe
O8 - Extra context menu item: Im Standard-Aggregator abonnieren - C:\Dokumente und Einstellungen\marcbaxxter\Anwendungsdaten\RssBandit\iecontext_subscribefeed.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAA5503B-A955-45D7-BC3B-6DE590D5FC50}: NameServer = 213.191.74.18 213.191.92.86
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programme\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
Dieser Beitrag wurde am 09.07.2006 um 10:16 Uhr von joshi editiert.
Seitenanfang Seitenende
09.07.2006, 13:01
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#27 ;)
geschafft!!!!!!!

Zitat

Domain: hansenet.de
Domain-Ace: hansenet.de
Nserver: ns1.hansenet.de 213.191.73.65
alles Gute fuer dich + PC ;)
(wenn es noch probleme geben sollte, mache eine Reparatur (mit der CD) , danach musst du nur noch die WindowsUpdates neu laden, aber die programme u.alles andere bleiben erhalten.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
09.07.2006, 13:22
joshi
Member

Themenstarter

Beiträge: 14
#28

Zitat

Sabina postete
;)
geschafft!!!!!!!
JUHU!!! Ich danke Dir!!! Muß ich mich morgen gleich mal an die Erstellung eines PayPal-Kontos machen ;)

Danke nochmal, hätte ich nicht gedacht, daß es noch solche genialen Foren wie dieses hier gibt!
Dieser Beitrag wurde am 09.07.2006 um 13:29 Uhr von joshi editiert.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
  • »
  • »
  • »
  • »
  • »
Seite(n): 12