Ich glaub ich habe hallus.. Aber vor 2h waren die noch nicht auf meinem Rechner.
Ich habe im Dokumente und Einstellungs Ordner von Windows.. Also in meinem Account plötzlich .reg datein die kenne ich erstens nicht und zweitens sieht der inhalt irgendwie merkwürdig aus.. Ich poste mal
dcom.reg
Zitat
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,0
0,00,00,\
14,00,00,00,02,00,48,00,03,00,00,00,00,00,18,00,1f
,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00
,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,14,00,0b,00,00,00,01,01,00
,00,00,00,00,05,12,00,00,\
00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00
,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,0
0,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f
,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00
,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00
,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,0
0,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03
,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01
,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00
,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00
"EnableDCOM"="Y"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,0
0,00,00,\
14,00,00,00,02,00,48,00,03,00,00,00,00,00,18,00,1f
,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00
,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,14,00,0b,00,00,00,01,01,00
,00,00,00,00,05,12,00,00,\
00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00
,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,0
0,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f
,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00
,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00
,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,0
0,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03
,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01
,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00
,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00
"EnableDCOM"="Y"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
handler_gopher.reg
Zitat
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\gopher]
@="URL:Gopher-Protokoll"
"EditFlags"=dword:00000002
"URL Protocol"=""
"Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKEY_CLASSES_ROOT\gopher\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00
,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00
,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00
[HKEY_CLASSES_ROOT\gopher\shell]
[HKEY_CLASSES_ROOT\gopher\shell\open]
[HKEY_CLASSES_ROOT\gopher\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\iexplore.exe\" -nohome"
[HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec]
@="\"%1\",,-1,0,,,,"
"NoActivateHandler"=""
[HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec\Application]
@="IExplore"
[HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec\Topic]
@="WWW_OpenURL"
[HKEY_CLASSES_ROOT\gopher]
@="URL:Gopher-Protokoll"
"EditFlags"=dword:00000002
"URL Protocol"=""
"Source Filter"="{E436EBB6-524F-11CE-9F53-0020AF0BA770}"
[HKEY_CLASSES_ROOT\gopher\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00
,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00
,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00
[HKEY_CLASSES_ROOT\gopher\shell]
[HKEY_CLASSES_ROOT\gopher\shell\open]
[HKEY_CLASSES_ROOT\gopher\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\iexplore.exe\" -nohome"
[HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec]
@="\"%1\",,-1,0,,,,"
"NoActivateHandler"=""
[HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec\Application]
@="IExplore"
[HKEY_CLASSES_ROOT\gopher\shell\open\ddeexec\Topic]
@="WWW_OpenURL"
handler_telnet.reg
Zitat
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\telnet]
@="URL:Telnet-Protokoll"
"EditFlags"=dword:00000002
"URL Protocol"=""
[HKEY_CLASSES_ROOT\telnet\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00
,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00
,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00
[HKEY_CLASSES_ROOT\telnet\shell]
[HKEY_CLASSES_ROOT\telnet\shell\open]
[HKEY_CLASSES_ROOT\telnet\shell\open\command]
@="rundll32.exe url.dll,TelnetProtocolHandler %l"
[HKEY_CLASSES_ROOT\telnet]
@="URL:Telnet-Protokoll"
"EditFlags"=dword:00000002
"URL Protocol"=""
[HKEY_CLASSES_ROOT\telnet\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00
,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00
,32,00,5c,00,75,00,72,00,\
6c,00,2e,00,64,00,6c,00,6c,00,2c,00,30,00,00,00
[HKEY_CLASSES_ROOT\telnet\shell]
[HKEY_CLASSES_ROOT\telnet\shell\open]
[HKEY_CLASSES_ROOT\telnet\shell\open\command]
@="rundll32.exe url.dll,TelnetProtocolHandler %l"
Es sind noch erheblich mehr dateien... services.reg dcomp.reg smb.reg usw.
Ich geh über nen Router ins net, aber dadurch kann das nicht kommen.. Habe keine Firwall drauf habe diesen Laptop genauso eingerichtet wie den grossen... nach diesen Anleitungen hier..
Ich weiss nicht ob das ins sicherheits forum gehört.. aber ich bin der meinung das die reg dateien vor 2h noch nicht da waren.. kann mich auch täuschen.. aber sieht halt irgendwie gefährlich aus..
Habe die nicht ausgeführt nur editiert...
Danke für euren rat,... i hope..
Bitte lasst es nichts böses sein..