Backdoor Ircbot, Spy Pcagent - Problem, Advice Needed

#0
28.04.2008, 21:23
...new here

Thread starter

Posts: 9
#16 The problems already began before 20.04.2008. (Arnold)

First, here is the Dial-a-fix log file:

Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 2
IE version: 7.0.5730.11
MPC: 76497-OEM
CPU: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz (~1800MHz)
CPU: CPU is 64-bit or has 64-bit extensions
CPU: 2 CPU cores present
BIOS: 2007-08-20
Memory (approx): 2014MB
Uptime: 0 hour(s)
Current directory: C:\Dokumente und Einstellungen\b***\Eigene Dateien\Downloads\dialfix\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24
---

2008-04-28 20:09:18 -- Dial-a-fix : [v0.60.0.24] -- started
20:09:18 | Policy scan started
20:09:18 | Policy scan ended - no restrictive policies were found
--- Emptying temp folders ---
20:11:46 | Deleting C:\Dokumente und Einstellungen\b***\Lokale Einstellungen\Temp...
20:11:47 | C:\Dokumente und Einstellungen\b***\Lokale Einstellungen\Temp could not be completely emptied, please reboot and try again
20:11:47 | Deleting C:\WINDOWS\temp...
20:11:47 | C:\WINDOWS\temp could not be completely emptied, please reboot and try again
20:11:47 | Deleting C:\DOKUME~1\B***~1\LOKALE~1\Temp...
20:11:47 | Re-created directory C:\DOKUME~1\B***~1\LOKALE~1\Temp
--- MSI ---
20:11:50 | Registered: C:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
20:11:56 | Unregistered: C:\WINDOWS\system32\msxml.dll
20:11:56 | Registered: C:\WINDOWS\system32\msxml.dll
20:11:56 | Unregistered: C:\WINDOWS\system32\msxml2.dll
20:11:57 | Registered: C:\WINDOWS\system32\msxml2.dll
20:11:58 | Unregistered: C:\WINDOWS\system32\msxml3.dll
20:11:59 | Registered: C:\WINDOWS\system32\msxml3.dll
20:11:59 | Unregistered: C:\WINDOWS\system32\qmgr.dll
20:11:59 | Registered: C:\WINDOWS\system32\qmgr.dll
20:11:59 | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
20:11:59 | Registered: C:\WINDOWS\system32\qmgrprxy.dll
20:11:59 | Unregistered: C:\WINDOWS\system32\winhttp.dll
20:11:59 | Registered: C:\WINDOWS\system32\winhttp.dll
20:11:59 | Registered: C:\WINDOWS\system32\wuapi.dll
20:11:59 | Unregistered: C:\WINDOWS\system32\wuaueng.dll
20:11:59 | Registered: C:\WINDOWS\system32\wuaueng.dll
20:11:59 | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
20:11:59 | Registered: C:\WINDOWS\system32\wuaueng1.dll
20:11:59 | Unregistered: C:\WINDOWS\system32\wucltui.dll
20:11:59 | Registered: C:\WINDOWS\system32\wucltui.dll
20:11:59 | Unregistered: C:\WINDOWS\system32\wups.dll
20:11:59 | Registered: C:\WINDOWS\system32\wups.dll
20:11:59 | Unregistered: C:\WINDOWS\system32\wups2.dll
20:12:00 | Registered: C:\WINDOWS\system32\wups2.dll
20:12:00 | Unregistered: C:\WINDOWS\system32\wuweb.dll
20:12:00 | Registered: C:\WINDOWS\system32\wuweb.dll
20:12:00 | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
20:12:12 | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
20:12:16 | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
20:12:16 | Registered: C:\WINDOWS\system32\cryptdlg.dll
20:12:16 | Unregistered: C:\WINDOWS\system32\cryptui.dll
20:12:16 | Registered: C:\WINDOWS\system32\cryptui.dll
20:12:17 | Unregistered: C:\WINDOWS\system32\cryptext.dll
20:12:17 | Registered: C:\WINDOWS\system32\cryptext.dll
20:12:17 | Unregistered: C:\WINDOWS\system32\dssenh.dll
20:12:17 | Registered: C:\WINDOWS\system32\dssenh.dll
20:12:17 | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
20:12:17 | Registered: C:\WINDOWS\system32\gpkcsp.dll
20:12:17 | Unregistered: C:\WINDOWS\system32\initpki.dll
20:12:55 | Registered: C:\WINDOWS\system32\initpki.dll
20:12:56 | Unregistered: C:\WINDOWS\system32\licdll.dll
20:12:56 | Registered: C:\WINDOWS\system32\licdll.dll
20:12:56 | Unregistered: C:\WINDOWS\system32\mssign32.dll
20:12:56 | Registered: C:\WINDOWS\system32\mssign32.dll
20:12:56 | Unregistered: C:\WINDOWS\system32\mssip32.dll
20:12:56 | Registered: C:\WINDOWS\system32\mssip32.dll
20:12:56 | Unregistered: C:\WINDOWS\system32\scardssp.dll
20:12:56 | Registered: C:\WINDOWS\system32\scardssp.dll
20:12:56 | Unregistered: C:\WINDOWS\system32\sccbase.dll
20:12:56 | Registered: C:\WINDOWS\system32\sccbase.dll
20:12:56 | Unregistered: C:\WINDOWS\system32\scecli.dll
20:12:57 | Registered: C:\WINDOWS\system32\scecli.dll
20:12:57 | Unregistered: C:\WINDOWS\system32\softpub.dll
20:12:57 | Registered: C:\WINDOWS\system32\softpub.dll
20:12:57 | Unregistered: C:\WINDOWS\system32\slbcsp.dll
20:12:57 | Registered: C:\WINDOWS\system32\slbcsp.dll
20:12:57 | Unregistered: C:\WINDOWS\system32\regwizc.dll
20:12:57 | Registered: C:\WINDOWS\system32\regwizc.dll
20:12:57 | Unregistered: C:\WINDOWS\system32\rsaenh.dll
20:12:57 | Registered: C:\WINDOWS\system32\rsaenh.dll
20:12:57 | Unregistered: C:\WINDOWS\system32\winhttp.dll
20:12:57 | Registered: C:\WINDOWS\system32\winhttp.dll
20:12:57 | Unregistered: C:\WINDOWS\system32\wintrust.dll
20:12:57 | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
20:12:57 | Registered: C:\WINDOWS\system32\acelpdec.ax
20:12:58 | Registered: C:\WINDOWS\system32\actxprxy.dll
20:12:58 | Registered: C:\WINDOWS\system32\asctrls.ocx
20:12:58 | Registered: C:\WINDOWS\system32\daxctle.ocx
20:12:58 | Registered: C:\WINDOWS\system32\hhctrl.ocx
20:12:58 | Registered: C:\WINDOWS\system32\l3codecx.ax
20:12:58 | Registered: C:\WINDOWS\system32\licmgr10.dll
20:12:58 | Registered: C:\WINDOWS\system32\mpg4ds32.ax
20:13:00 | Registered: C:\WINDOWS\system32\msdxm.ocx
20:13:01 | Registered: C:\WINDOWS\system32\proctexe.ocx
20:13:01 | Registered: C:\WINDOWS\system32\tdc.ocx
20:13:01 | Registered: C:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
20:13:01 | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
20:13:01 | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
20:13:01 | Registered: C:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
20:13:02 | Registered: C:\WINDOWS\system32\quartz.dll
20:13:02 | Registered: C:\WINDOWS\system32\danim.dll
20:13:02 | Registered: C:\WINDOWS\system32\dmscript.dll
20:13:02 | Registered: C:\WINDOWS\system32\dmstyle.dll
20:13:02 | Registered: C:\WINDOWS\system32\dxmasf.dll
20:13:02 | Registered: C:\WINDOWS\system32\dxtmsft.dll
20:13:02 | Registered: C:\WINDOWS\system32\dxtrans.dll
20:13:02 | Registered: C:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
20:13:02 | Registered: C:\WINDOWS\system32\atl.dll
20:13:02 | Registered: C:\WINDOWS\system32\corpol.dll
20:13:02 | Registered: C:\WINDOWS\system32\jscript.dll
20:13:02 | Registered: C:\WINDOWS\system32\dispex.dll
20:13:02 | Registered: C:\WINDOWS\system32\scrrun.dll
20:13:02 | Registered: C:\WINDOWS\system32\scrobj.dll
20:13:02 | Registered: C:\WINDOWS\system32\vbscript.dll
20:13:02 | Registered: C:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
20:13:02 | Registered: C:\WINDOWS\system32\activeds.dll
20:13:02 | Registered: C:\WINDOWS\system32\audiodev.dll
20:13:02 | Registered: C:\WINDOWS\system32\browsewm.dll
20:13:02 | Registered: C:\WINDOWS\system32\cabview.dll
20:13:03 | Registered: C:\WINDOWS\system32\cdfview.dll
20:13:03 | Registered: C:\WINDOWS\system32\clbcatex.dll
20:13:03 | Registered: C:\WINDOWS\system32\clbcatq.dll
20:13:03 | Registered: C:\WINDOWS\system32\comcat.dll
20:13:03 | Registered: C:\WINDOWS\system32\cscui.dll
20:13:03 | Registered: C:\WINDOWS\system32\credui.dll
20:13:03 | Registered: C:\WINDOWS\system32\datime.dll
20:13:03 | Registered: C:\WINDOWS\system32\devmgr.dll
20:13:03 | Registered: C:\WINDOWS\system32\dfsshlex.dll
20:13:03 | Registered: C:\WINDOWS\system32\dmdlgs.dll
20:13:03 | Registered: C:\WINDOWS\system32\dmdskmgr.dll
20:13:03 | Registered: C:\WINDOWS\system32\dmloader.dll
20:13:03 | Registered: C:\WINDOWS\system32\dmocx.dll
20:13:03 | Registered: C:\WINDOWS\system32\dmview.ocx
20:13:03 | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
20:13:03 | Registered: C:\WINDOWS\system32\dsuiext.dll
20:13:03 | DllInstalled: C:\WINDOWS\system32\dsquery.dll
20:13:03 | Registered: C:\WINDOWS\system32\dsquery.dll
20:13:03 | Registered: C:\WINDOWS\system32\dskquoui.dll
20:13:03 | Registered: C:\WINDOWS\system32\els.dll
20:13:03 | Registered: C:\WINDOWS\system32\es.dll
20:13:03 | Registered: C:\WINDOWS\system32\fontext.dll
20:13:03 | Registered: C:\WINDOWS\system32\hlink.dll
20:13:04 | Registered: C:\WINDOWS\system32\hnetcfg.dll
20:13:04 | Registered: C:\WINDOWS\system32\iedkcs32.dll
20:13:04 | Registered: C:\WINDOWS\system32\iepeers.dll
20:13:04 | Registered: C:\WINDOWS\system32\ils.dll
20:13:04 | Registered: C:\WINDOWS\system32\inetcfg.dll
20:13:04 | Registered: C:\WINDOWS\system32\inetcomm.dll
20:13:04 | Registered: C:\WINDOWS\system32\laprxy.dll
20:13:04 | Registered: C:\WINDOWS\system32\lmrt.dll
20:13:04 | Registered: C:\WINDOWS\system32\mlang.dll
20:13:05 | Registered: C:\WINDOWS\system32\mmcndmgr.dll
20:13:06 | Registered: C:\WINDOWS\system32\mmcshext.dll
20:13:06 | Registered: C:\WINDOWS\system32\mscoree.dll
20:13:06 | Registered: C:\WINDOWS\system32\mshtmled.dll
20:13:06 | Registered: C:\WINDOWS\system32\msoeacct.dll
20:13:06 | Registered: C:\WINDOWS\system32\msr2c.dll
20:13:06 | DllInstalled: C:\WINDOWS\system32\mydocs.dll
20:13:06 | Registered: C:\WINDOWS\system32\mydocs.dll
20:13:06 | Registered: C:\WINDOWS\system32\mstime.dll
20:13:07 | Registered: C:\WINDOWS\system32\netcfgx.dll
20:13:07 | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
20:13:07 | Registered: C:\WINDOWS\system32\netplwiz.dll
20:13:07 | Registered: C:\WINDOWS\system32\netman.dll
20:13:07 | Registered: C:\WINDOWS\system32\netshell.dll
20:13:07 | Registered: C:\WINDOWS\system32\ntmsevt.dll
20:13:07 | Registered: C:\WINDOWS\system32\ntmsmgr.dll
20:13:07 | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
20:13:07 | Registered: C:\WINDOWS\system32\ntmssvc.dll
20:13:07 | DllInstalled: C:\WINDOWS\system32\occache.dll
20:13:07 | Registered: C:\WINDOWS\system32\occache.dll
20:13:07 | Registered: C:\WINDOWS\system32\ole32.dll
20:13:07 | Registered: C:\WINDOWS\system32\oleaut32.dll
20:13:07 | Registered: C:\WINDOWS\system32\oleacc.dll
20:13:07 | Registered: C:\WINDOWS\system32\olepro32.dll
20:13:08 | DllInstalled: C:\WINDOWS\system32\photowiz.dll
20:13:08 | Registered: C:\WINDOWS\system32\photowiz.dll
20:13:08 | Registered: C:\WINDOWS\system32\remotepg.dll
20:13:08 | Registered: C:\WINDOWS\system32\rpcrt4.dll
20:13:08 | Registered: C:\WINDOWS\system32\rshx32.dll
20:13:08 | Registered: C:\WINDOWS\system32\sendmail.dll
20:13:08 | Registered: C:\WINDOWS\system32\slayerxp.dll
20:13:08 | Registered: C:\WINDOWS\system32\shell32.dll
20:13:13 | DllInstalled: C:\WINDOWS\system32\shell32.dll
20:13:13 | Registered: C:\WINDOWS\system32\shmedia.dll
20:13:14 | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
20:13:14 | Registered: C:\WINDOWS\system32\shimgvw.dll
20:13:14 | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
20:13:14 | Registered: C:\WINDOWS\system32\shsvcs.dll
20:13:14 | Registered: C:\WINDOWS\system32\srclient.dll
20:13:14 | Unregistered: C:\WINDOWS\system32\stobject.dll
20:13:14 | Registered: C:\WINDOWS\system32\stobject.dll
20:13:14 | Registered: C:\WINDOWS\system32\twext.dll
20:13:14 | DllInstalled: C:\WINDOWS\system32\urlmon.dll
20:13:14 | Registered: C:\WINDOWS\system32\urlmon.dll
20:13:14 | Registered: C:\WINDOWS\system32\userenv.dll
20:13:14 | Registered: C:\WINDOWS\system32\winhttp.dll
20:13:14 | DllInstalled: C:\WINDOWS\system32\wininet.dll
20:13:14 | Registered: C:\WINDOWS\system32\zipfldr.dll
20:13:14 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdadc.dll
20:13:14 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaenum.dll
20:13:14 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaer.dll
20:13:14 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaipp.dll
20:13:14 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaora.dll
20:13:14 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaosp.dll
20:13:14 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaps.dll
20:13:14 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdasc.dll
20:13:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdasql.dll
20:13:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdatt.dll
20:13:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaurl.dll
20:13:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdmeng.dll
20:13:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdmine.dll
20:13:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msmdcb80.dll
20:13:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msmdgd80.dll
20:13:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msolap80.dll
20:13:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msolui80.dll
20:13:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msxactps.dll
20:13:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\oledb32.dll
20:13:15 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\oledb32r.dll
20:13:16 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\sqloledb.dll
20:13:16 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\sqlxmlx.dll

And here is the log1.txt file:

doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"DependOnGroup"=hex(7):00
"DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00
"Description"="Bietet allen Computern in Heim- und kleinen Firmennetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz."
"DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00002d13

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"="C:\\Programme\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"SearchIndexer-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer|"
"SearchIndexer-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer|"
"SearchFilterHost-1"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost|"
"SearchFilterHost-2"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Sicherheitscenter"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\
33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\
4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,62,72,\
6f,77,73,65,72,00,00
"NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,73,72,76,73,76,63,2e,64,6c,6c,00
"Lmannounce"=dword:00000000
"Size"=dword:00000001
"Guid"=hex:c0,03,88,03,e4,4b,34,48,99,11,bd,68,e5,12,4c,ae
"AdjustedNullSessionPipes"=dword:00000001
"srvcomment"="I*** B***"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,77,6b,73,73,76,63,2e,64,6c,6c,00
"OtherDomains"=hex(7):00


[HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa]


[HKEY_CURRENT_USER\Software\Microsoft\OLE]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Nachrichtendienst"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Überträgt NET SEND- und Warndienstnachrichten zwischen Clients und Servern. Dieser Dienst ist nicht mit Windows Messenger verwandt. Der Warndienst überträgt keine Nachrichten, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Description"="Ermöglicht Remotebenutzern, Registrierungseinstellungen dieses Computers zu verändern. Wenn dieser Dienst beendet wird, kann die Registrierung nur von lokalen Benutzern dieses Computers verändert werden. Wenn dieser Dienst deaktiviert wird, werden alle von diesem Dienst explizit abhängigen Dienste nicht gestartet werden können."
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DisplayName"="Remote-Registrierung"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
76,69,63,65,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Group"=""
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,e0,ad,08,\
00,01,00,00,00,e8,03,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,72,65,67,73,76,63,2e,64,6c,6c,00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum]
"0"="Root\\LEGACY_REMOTEREGISTRY\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Type"=dword:00000010
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
74,6c,6e,74,73,76,72,2e,65,78,65,00
"DisplayName"="Telnet"
"DependOnService"=hex(7):52,50,43,53,53,00,54,43,50,49,50,00,4e,54,4c,4d,53,53,\
50,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"



[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:00000378
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):00,73,63,65,63,6c,69,00,73,63,65,63,6c,69,00,00
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:14,30,e3,7f,a6,ad,10,cc,4d,fe,56,36,ef,3a,d9,c9,62,38,33,62,35,\
31,62,34,00,00,00,00,32,e1,00,00,18,ca,06,00,99,d0,b7,71,04,ca,06,00,10,00,\
00,00,00,00,00,00,c8,48,eb,96,f0,05,3b,c1,a5,06,48,b8

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:c8,28,3b,2d,07,c2,a1,1f,b9

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:d6,8a,ea,67,2a,bf

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]
"MachineSid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,2f,60,eb,44,d1,3d,9c,7a,\
2e,06,51,52,56,06,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:24,78,16,04,a9,b3,01,a2,6b,41,47,d0,3e,af,9c,a3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:b4,0c,63,7c,e3,16,c8,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,e0,60,91,1a,7a,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,e0,60,91,1a,7a,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,e0,60,91,1a,7a,c4,01
"Type"=dword:00000031


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

Now then - I still had the Clean up program (2.1.1 or so) installed, and it was always displayed at boot. When I dismissed it with "Close", the error message appeared immediately (as described - "Disk Error..."). Now Clean up has been uninstalled and, promptly, there is no error message any more!!! IE also seems to be working flawlessly again at the moment. Thanks again for the MEGA SUPPORT!!!
Toni20 sends greetings to Sabina!
This post was edited by toni20 on 29.04.2008 at 20:51.
29.04.2008, 02:03
Honorary member
Sabina

Posts: 29434
#17 Hello,

Is this a company computer?
I ask because I would like to close some ports and disable some services, but I have no idea whether you need telnet etc. (Security!)
Does the name "I B" mean anything to you?
__________
Regards, Sabina

All about PC security
29.04.2008, 21:16
...new here

Thread starter

Posts: 9
#18 Yes, it still belongs to the company, and I know the name. Could you please make it unrecognizable?
As for the ports and services, I can't say much; the machine was customized at the company. The computer is due to change hands soon, though; what do I need to do then...?
Best regards,
Toni20
30.04.2008, 01:10
Honorary member
Sabina

Posts: 29434
#19 Well, I suspected from the start that this is a company computer; in that case one should not clean it but format it ;)
After all, there is a difference between having a private computer that you game on a bit and a computer connected to a company network.
Let's leave it at that: the computer is compromised, and you should not do online banking or the like with it.
Even if it is clean again for now.... once it belongs entirely to you, format it and set up a proper backup,
e.g. with: trueimage
http://virus-protect.org/artikel/tools/trueimage.html
and there will never again be a reason to drop by Protecus ;) ;) ;)
__________
Regards, Sabina

All about PC security