Trojaner-Board


Benni 91 11.05.2011 17:11

Virus :(((
 
Hi,

about 2 weeks ago I caught a nasty virus.

At first, "only" random websites opened automatically, and whenever I wanted to shut down the PC I got a bluescreen every time (INTERNAL_POWER_ERROR), so I had to pull the plug every time.

But when I booted the PC the day before yesterday, I could still log in, but after that the screen was black and nothing happened. I can still start most programs (Firefox, Skype, ...) via the Task Manager, but the taskbar, desktop, etc. just aren't there.
On top of that I get a bluescreen about every 20 min :/ I can't reinstall Windows either, because I saved the Windows installation folders on the PC.

I have Windows 7 Ultimate and ran regular virus checks and updates (free Avira); after I downloaded the virus, Avira reported detections about every 10-20 min, which I then always moved to quarantine. Unfortunately I can't say exactly what kind of virus it is.

I would be very grateful for tips!

Larusso 11.05.2011 17:17

Hello!

You're in the wrong section here, but I'll quickly help you so that you can post the required log files.

1. Are you online with this PC right now?

2.
Quote:

I can still start most programs via the Task Manager

Open the Task Manager again, File --> New Task, and enter explorer.exe.

Please report back.

Benni 91 11.05.2011 17:24

THANKS for the tip! explorer.exe and everything was back

What do I do now? Is it best to reinstall Windows?

Larusso 11.05.2011 17:30

Quote:

What do I do now? Is it best to reinstall Windows?

Always the safest way, but one can also take a closer look at whether it is necessary.

Your decision.

Whichever you decide, I would like to take a look at something.

Press the Windows + R keys and copy the following text into the line

reg export "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" "%userprofile%\desktop\logon.txt"

Click OK

Please post the contents of logon.txt here

Benni 91 11.05.2011 17:32

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"="1"
"Shell"="explorer.exe"
"PreCreateKnownFolders"="{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
"Userinit"="C:\\Windows\\system32\\userinit.exe"
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"AutoRestartShell"=dword:00000001
"Background"="0 0 0"
"CachedLogonsCount"="10"
"DebugServerCommand"="no"
"ForceUnlockLogon"=dword:00000000
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PasswordExpiryWarning"=dword:00000005
"PowerdownAfterShutdown"="0"
"ShutdownWithoutLogon"="0"
"WinStationsDisabled"="0"
"DisableCAD"=dword:00000001
"scremoveoption"="0"
"ShutdownFlags"=dword:0000002b


Larusso 11.05.2011 17:36

What I wanted to see is OK.

Do you want to format or clean up? It remains your decision.
If you decide on cleaning, please read and work through the following.

http://www.trojaner-board.de/69886-a...beachten.html

Create a thread of your own in this forum.
http://www.trojaner-board.de/plagege...n-bekaempfung/
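
As an added example that is not part of the thread: a Python check that parses `reg export` output like the one posted above and reports unexpected entries in the Winlogon `Shell` and `Userinit` values. That these two values are the ones worth checking, and the expected values (Windows installed in C:\Windows), are assumptions; both sample exports are constructed.

```python
import re

WINLOGON = r'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Constructed sample in the format `reg export` writes. A real logon.txt is
# UTF-16 encoded, so read it with open(path, encoding='utf-16').
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe"
"AutoRestartShell"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{constructed}]
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
  00,00
'''

# Constructed "tampered" variant: a placeholder program appended to both values.
TAMPERED_EXPORT = CLEAN_EXPORT.replace(
    '"Shell"="explorer.exe"',
    r'"Shell"="explorer.exe,C:\\placeholder\\extra.exe"',
).replace('userinit.exe"', r'userinit.exe,C:\\placeholder\\extra.exe"')


def decode_value(raw):
    """Decode the right-hand side of one .reg value line."""
    if raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: undo the \\ and \" escaping used inside quoted strings.
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'hex\((2|7)\):(.*)$', raw)
    if m:
        # REG_EXPAND_SZ (2) and REG_MULTI_SZ (7) are UTF-16LE byte lists.
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b)
        text = data.decode('utf-16-le').rstrip('\x00')
        return text.split('\x00') if m.group(1) == '7' else text
    return raw  # other types are returned undecoded


def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: value}}."""
    # Hex data is wrapped with a trailing ",\"; join those lines first.
    text = re.sub(r',\\\r?\n\s*', ',', text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if current is None or not m:
            continue
        name = '' if m.group(1) == '@' else decode_value(m.group(1))
        current[name] = decode_value(m.group(2))
    return keys


def check_winlogon(text):
    """Return a list of findings for the Shell and Userinit values."""
    keys = {k.lower(): v for k, v in parse_reg(text).items()}
    values = {n.lower(): v for n, v in keys.get(WINLOGON.lower(), {}).items()}
    # Assumed expected values for a default install in C:\Windows.
    expected = {'shell': {'explorer.exe'},
                'userinit': {r'c:\windows\system32\userinit.exe'}}
    findings = []
    for name, allowed in expected.items():
        value = values.get(name)
        if value is None:
            findings.append(f'{name}: value missing')
            continue
        # Split on commas so anything beyond the expected program is reported;
        # a trailing comma leaves no extra entry.
        entries = [e.strip().lower() for e in str(value).split(',') if e.strip()]
        extra = [e for e in entries if e not in allowed]
        if not entries:
            findings.append(f'{name}: value is empty')
        elif extra:
            findings.append(f'{name}: unexpected entries {extra}')
    return findings


if __name__ == '__main__':
    for label, export in (('clean', CLEAN_EXPORT), ('tampered', TAMPERED_EXPORT)):
        print(label, check_winlogon(export) or 'OK')
```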

Benni 91 11.05.2011 17:39

Phew, it's pretty long; uploading it here would take forever

Larusso 11.05.2011 17:56

Why 2x?

http://www.trojaner-board.de/98954-v...tml#post656397

Benni 91 11.05.2011 17:56

The text is pretty long; it would take a while to upload it here

Benni 91 11.05.2011 17:57

Damn, sry :D

