This page has been robot translated, sorry for typos if any. Original content here.

Win32.Sector (WIN32.Sality)



Win32.Sector (WIN32.Sality) - Dateivirus, infiziert Systemdienst-exe-Kurznamen, Autorun und Programme, die der Benutzer häufig verwendet.


Symptome von Win32.Sector (WIN32.Sality)
1. Der Task-Manager taskmgr.exe und der Registrierungseditor regedit sind blockiert.
( Wenn Sie versuchen zu starten, wird im Fenster angezeigt, dass der Maulwurf vom Sysadmin blockiert wurde. )
2. Der Virus erzeugt tollwütigen Datenverkehr ( Pakete werden ständig mit dem Netzwerk ausgetauscht )
3. ( ! ) Beim Versuch, die Netzwerkverbindung programmgesteuert zu deaktivieren, startet das System neu / bluscreen
4. ( ! ) Beim Versuch, in den "abgesicherten Modus" zu booten - bluskrin
5. Alle Software außer Antivirensoftware funktioniert einwandfrei.
6. ( ! ) Wenn Sie versuchen, ein Antivirenprogramm zu starten, wird es sofort geschlossen
7. Der Zugriff auf Websites von Antiviren-Unternehmen ist gesperrt
8. Wenn dies der 28682-Sektor ist, fliegen beim Booten des Systems alle Gerätetreiber ( im Device Dispatcher, gegenüber der Hardware, gelbe Ausrufezeichen: "Der Treiber ist tot und kann nicht in den RAM geladen werden ..."; daher auch nicht Netzwerk, kein USB, Auflösung 800x600, 8 Bit )


Win32.Sector-Behandlungstools (WIN32.Sality)

- WinPE auf CD / USB ( muss alle Dateien unter einem anderen System überprüfen )
- Dr.Web CureIt unbedingt mit aktuellen (read: fresh ) Datenbanken
- Trojaner-Entferner ( erst behandeln wir infizierte Arbeiter mit dem Web, dann beenden wir mit einem Entferner )
- AVZ oder reg-files ( notwendig um Blockierungsrichtlinien zu entfernen )
- Installationsdiskette mit Betriebssystemdistribution (Sie müssen die Systemdateien auf Integrität prüfen )


Anweisungen zur Behandlung von Win32.Sector (WIN32.Sality)
1. Sie müssen das Netzkabel so schnell wie möglich aus dem Computer ziehen
( Wenn Sie versuchen, das Netzwerk programmgesteuert über "Netzwerkverbindungen" zu trennen, startet der Virus das Betriebssystem neu. )

2. Installieren Sie Unlocker und Process Explorer, starten Sie Process Explorer und geben Sie 5-7 processors cmd ein

3. Geben Sie dem aktuellen Benutzer Zugriff auf die SystemVolumeInformation-Ordner, entsperren Sie sie mit Unlocker und speichern Sie sie

4. User Tempo bereinigen ( Start -> Ausführen ->% temp% [Enter] )

5. Bereinigen Sie den IE-Ordner für temporäre Dateien ( C: \ Dokumente und Einstellungen \ Kontoname \ Lokale Einstellungen \ Temporäre Internetdateien ).

6. Starten Sie neu, starten Sie von Live-WinPE und führen Sie CureIT aus
(Eine vollständige Überprüfung aller Dateien ist erforderlich. Bei den meisten handelt es sich um Startdateien. Antivirenprogramme heilen ab.)

7. nach der behandlung - wir laden im normalen modus (bisher sicher durch die "linken" schlüssel in der registrierung gesperrt ) und werden von trojan remover überprüft

8. Wir scannen Windows-Dateien auf Integrität ( Start -> Ausführen -> sfc / scannow )
* unvergesslich, CD CD mit verteilen zu füttern

9. Danach starten wir das System neu, säubern die Registry ( CCleaner / RegOrganizer / head + regedit )

10. Verwenden Sie Registry Tweaks, um die "Nebenwirkungen" des Virus zu beseitigen:

restore_taskmgr.reg
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System]
"DisableTaskMgr" = dword: 0


restore_regedit.reg
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System]
"DisableRegistryTools" = dword: 0


restore_hidden.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Erweitert \ Ordner \ Versteckt]
"Text" = "@ shell32.dll, -30499"
"Typ" = "Gruppe"
"Bitmap" = hex (2): 25.00.53.00.79.00.73.00.74.00.65.00.6d, 00.52.00.6f, 00.6f, 00.74 , \
00.25.00.5c, 00.73.00.79.00.73.00.74.00.65.00.6d, 00.33.00.32.00.5c, 00.53.00, \
48.00.45.00.4c, 00.4c, 00.33.00.32.00.2e, 00.64.00.6c, 00.6c, 00.2c, 00.34.00.00, \
00
"HelpID" = "shell.hlp # 51131"

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Erweitert \ Ordner \ Versteckt \ NOHIDDEN]
"RegPath" = "Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Erweitert"
"Text" = "@ shell32.dll, -30501"
"Type" = "Radio"
"CheckedValue" = dword: 00000002
"ValueName" = "Versteckt"
"DefaultValue" = dword: 00000002
"HKeyRoot" = dword: 80000001
"HelpID" = "shell.hlp # 51104"

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Erweitert \ Ordner \ Versteckt \ SHOWALL]
"RegPath" = "Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Erweitert"
"Text" = "@ shell32.dll, -30500"
"Type" = "Radio"
"CheckedValue" = dword: 00000001
"ValueName" = "Versteckt"
"DefaultValue" = dword: 00000002
"HKeyRoot" = dword: 80000001
"HelpID" = "shell.hlp # 51105"


restore_safe_mod.reg
 Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot]
"AlternateShell" = "cmd.exe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal]

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ AppMgmt]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ Base]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ Boot Bus Extender]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ Boot-Dateisystem]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ CryptSvc]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ DcomLaunch]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ dmadmin]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ dmboot.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ dmio.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ dmload.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ dmserver]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ EventLog]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ Dateisystem]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ Filter]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ HelpSvc]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ Netlogon]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ PCI-Konfiguration]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ PlugPlay]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ PNP-Filter]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ Primärdatenträger]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ RpcSs]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ SCSI-Klasse]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ sermouse.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ sr.sys]
@ = "FSFilter Systemwiederherstellung"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ SRService]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ System Bus Extender]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ vga.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ vgasave.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ WinMgmt]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {36FC9E60-C465-11CF-8056-444553540000}]
@ = "Universal Serial Bus Controller"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E965-E325-11CE-BFC1-08002BE10318}]
@ = "CD-ROM-Laufwerk"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E967-E325-11CE-BFC1-08002BE10318}]
@ = "DiskDrive"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E969-E325-11CE-BFC1-08002BE10318}]
@ = "Standard-Diskettencontroller"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E96A-E325-11CE-BFC1-08002BE10318}]
@ = "Hdc"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E96B-E325-11CE-BFC1-08002BE10318}]
@ = "Tastatur"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E96F-E325-11CE-BFC1-08002BE10318}]
@ = "Maus"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E977-E325-11CE-BFC1-08002BE10318}]
@ = "PCMCIA-Adapter"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E97B-E325-11CE-BFC1-08002BE10318}]
@ = "SCSIAdapter"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E97D-E325-11CE-BFC1-08002BE10318}]
@ = "System"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {4D36E980-E325-11CE-BFC1-08002BE10318}]
@ = "Diskettenlaufwerk"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@ = "Volume"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Minimal \ {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@ = "Human Interface Devices"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network]

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ AFD]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ AppMgmt]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Base]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Boot Bus Extender]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Boot-Dateisystem]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Browser]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ CryptSvc]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ DcomLaunch]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Dhcp]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ dmadmin]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ dmboot.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ dmio.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ dmload.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ dmserver]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ DnsCache]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ EventLog]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ File system]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Filter]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ HelpSvc]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ ip6fw.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ ipnat.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ LanmanServer]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ LanmanWorkstation]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ LmHosts]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Messenger]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NDIS]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NDIS Wrapper]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Ndisuio]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NetBIOS]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NetBIOSGroup]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NetBT]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NetDDEGroup]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Netlogon]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NetMan]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Network]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NetworkProvider]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ nm]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ nm.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ NtLmSsp]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ PCI Configuration]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ PlugPlay]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ PNP Filter]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ PNP_TDI]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Primärdatenträger]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ rdpcdd.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ rdpdd.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ rdpwd.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ rdsessmgr]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ RpcSs]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ SCSI-Klasse]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ sermouse.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ SharedAccess]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ sr.sys]
@ = "FSFilter Systemwiederherstellung"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ SRService]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Streams-Treiber]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ System Bus Extender]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ Tcpip]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ TDI]
@ = "Treibergruppe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ tdpipe.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ tdtcp.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ termservice]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ vga.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ vgasave.sys]
@ = "Fahrer"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ WinMgmt]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ WZCSVC]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {36FC9E60-C465-11CF-8056-444553540000}]
@ = "Universal Serial Bus Controller"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E965-E325-11CE-BFC1-08002BE10318}]
@ = "CD-ROM-Laufwerk"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E967-E325-11CE-BFC1-08002BE10318}]
@ = "DiskDrive"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E969-E325-11CE-BFC1-08002BE10318}]
@ = "Standard-Diskettencontroller"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E96A-E325-11CE-BFC1-08002BE10318}]
@ = "Hdc"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E96B-E325-11CE-BFC1-08002BE10318}]
@ = "Tastatur"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E96F-E325-11CE-BFC1-08002BE10318}]
@ = "Maus"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E972-E325-11CE-BFC1-08002BE10318}]
@ = "Net"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E973-E325-11CE-BFC1-08002BE10318}]
@ = "NetClient"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E974-E325-11CE-BFC1-08002BE10318}]
@ = "NetService"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E975-E325-11CE-BFC1-08002BE10318}]
@ = "NetTrans"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E977-E325-11CE-BFC1-08002BE10318}]
@ = "PCMCIA-Adapter"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E97B-E325-11CE-BFC1-08002BE10318}]
@ = "SCSIAdapter"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E97D-E325-11CE-BFC1-08002BE10318}]
@ = "System"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {4D36E980-E325-11CE-BFC1-08002BE10318}]
@ = "Diskettenlaufwerk"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@ = "Volume"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot \ Network \ {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@ = "Human Interface Devices"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Lsa]
"Authentifizierungspakete" = hex (7): 6d, 00,73,00,76,00,31,00,5f, 00,30,00,00,00,00,00, \
00

11. Wir hängen eine normale Verteidigung (Antivirus mit aktuellen Datenbanken + Firewall + Antispyware)